WSO2 IoT Server uses the OAuth 2.0 standard for authorization and supports the following seven grant types by default:
- Authorization code grant
- Client credentials grant
- Password grant
- Refresh token grant
- SAML2 bearer grant
- NTLM grant
- JWT grant
It also has the flexibility to support custom grant types. This section explains how you can implement a custom grant type and demonstrates a sample.
Follow the steps below to implement a new grant type:
Before you begin
WSO2 IoT Server is deployable in both standalone and clustered setups. If you wish to deploy WSO2 IoT Server in a clustered setup with WSO2 Identity Server as the key manager, first download WSO2 Identity Server and unzip it.
- If the deployment is standalone, <PRODUCT_HOME> refers to the home directory of WSO2 IoT Server.
- If the deployment is clustered and WSO2 Identity Server acts as the key manager, <PRODUCT_HOME> refers to the home directory of WSO2 Identity Server.
- Implement the following two extensions:
  - GrantTypeHandler: This is the implementation of the grant type. It is used to define the grant type validation and token issuance mechanisms. You can write the new implementation by implementing the AuthorizationGrantHandler interface or by extending AbstractAuthorizationGrantHandler. In most cases, it is enough to extend the AbstractAuthorizationGrantHandler in the WSO2 OAuth component.
  - GrantTypeValidator: This is used to validate the grant request sent to the /token endpoint. You can define the parameters that must be in the request and how they are validated. You can write the new implementation by extending the AbstractValidator in the Apache Amber component.
- Package the class as a .jar file and place it in the
Register the custom grant type by adding a new entry between the <OAuth><SupportedGrantTypes> element of the
Add a unique identifier between the <
Next, try out the sample below to test this out.
This sample demonstrates defining a new grant type called mobile. The mobile grant type is similar to the password grant type except for passing a mobile number instead of a password.
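The division of work between the two extensions can be followed in a small model of the mobile grant. This is an added Python example, not the WSO2 sample project or its Java classes: the function names, the client key and secret, the enrolled number, the E.164 format check and the `expires_in` value are constructed assumptions, and the error codes are the standard OAuth 2.0 (RFC 6749) ones.

```python
import base64
import hmac
import re
import secrets

# Constructed sample data (assumptions, not values from WSO2 IoT Server).
CLIENTS = {"sample-client-key": "sample-client-secret"}
ENROLLED_NUMBERS = {"+94770000001": "alice"}
REQUIRED_PARAMS = ("grant_type", "mobileNumber")
E164 = re.compile(r"\+[1-9]\d{7,14}")


def validate_request(params):
    """Validator stage: check only the shape of the /token request."""
    for name in REQUIRED_PARAMS:
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:
            return "invalid_request"  # missing, empty or repeated parameter
    if params["grant_type"][0] != "mobile":
        return "unsupported_grant_type"
    return None


def authenticate_client(authorization):
    """Check 'Basic base64(clientid:clientsecret)' in constant time."""
    try:
        scheme, blob = (authorization or "").split(" ", 1)
        decoded = base64.b64decode(blob, validate=True).decode()
        client_id, secret = decoded.split(":", 1)
    except ValueError:
        return None
    expected = CLIENTS.get(client_id)
    if scheme.lower() != "basic" or expected is None:
        return None
    ok = hmac.compare_digest(secret.encode(), expected.encode())
    return client_id if ok else None


def handle_token_request(authorization, params):
    """Handler stage: validate the grant itself, then issue a token."""
    error = validate_request(params)
    if error:
        return 400, {"error": error}
    if authenticate_client(authorization) is None:
        return 401, {"error": "invalid_client"}
    number = params["mobileNumber"][0]
    if not E164.fullmatch(number) or number not in ENROLLED_NUMBERS:
        return 400, {"error": "invalid_grant"}
    token = secrets.token_urlsafe(32)
    return 200, {"access_token": token, "token_type": "Bearer", "expires_in": 3600}
```

The validator only rejects malformed requests. Because the mobile number takes the place of the password, the handler is the only point at which the grant itself is checked.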
Let's get started.
Obtain the grant type sample project by following either of the steps below:
If you downloaded the source file, navigate to the sample's location through command prompt and generate a .jar file into the
You can also modify the project and build it using Apache Maven 3.
Configure the following in the <IOT_HOME>/conf/identity/identity.xml file under the
Restart the server if you have started it before.
In a clustered setup with WSO2 Identity Server used as the key manager, make sure to restart the WSO2 IoT Server and the WSO2 Identity Server.
Generate an OAuth client key and an OAuth client secret.
Send the grant request to the /token API using a cURL command.
mobileNumber parameters to the HTTP POST body.
clientid:clientsecret with the OAuth Client Key and OAuth Client Secret and run the following sample cURL command in the command prompt.
The system displays the following JSON response with an access token.