Skip to content
/ kotlin-ktor-oauth2-resource-server-api Public

Ktor API which acts as a resource server in an oauth2.0 client credentials grant/flow

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

eiriktve/kotlin-ktor-oauth2-resource-server-api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
postman
postman
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Ktor resource server API

A ktor API which acts as a resource server in an oauth2.0 client credentials grant/flow, protecting resources only accessible by clients presenting a valid access token. The token is verified against an authorization server.

The repo explores best practices for common use cases, such as:

  • Application setup and configuration
  • Database setup and configuration (postgres), using JetBrains Exposed
  • Authorizing requests by integrating with an Oauth2 Authorization Server
  • Routing and CRUD operations
  • Dependency Injection with Koin
  • OpenAPI documentation

Some light reading on the responsibilities of a resource server: https://www.oauth.com/oauth2-servers/the-resource-server/

Technologies

  • kotlin 2.x with JDK 21
  • ktor 2.x
  • koin
  • exposed

Domain

The resource guarded by this resource server API is employee information. You can create and change employees, and retrieve information about employees and their certifications.

Configuration

The application is a self-contained package (as opposed to a deployable WAR) with netty as the application engine, and with an (external) server configuration file.

Example in-repo yaml config here

Database

The following postgres tables are required.

-- Create Company Table
CREATE TABLE Company (
    company_id SERIAL PRIMARY KEY,
    name VARCHAR(50) UNIQUE NOT NULL,
    business VARCHAR(50) NOT NULL -- i.e., IT, Health, Stocks/trading
);

-- Create Employee Table
CREATE TABLE Employee (
    employee_id SERIAL PRIMARY KEY,
    first_name VARCHAR(50) NOT NULL,
    last_name VARCHAR(50) NOT NULL,
    email VARCHAR(100) UNIQUE NOT NULL,
    position VARCHAR(50),
    employer_id INT REFERENCES Company(company_id)
);

-- Create Certification Table
CREATE TABLE Certification (
    certification_id SERIAL PRIMARY KEY,
    name VARCHAR(100) NOT NULL,
    authority VARCHAR(100) NOT NULL,
    date_earned DATE NOT NULL,
    expiry_date DATE NOT NULL,
    employee_id INT REFERENCES Employee(employee_id)
);

Swagger

Swagger doc is available at {server}{port}/openapi

Postman examples

There's a postman collection located here. As for the Authorization header, you need to get a token from the configured Authorization Server. If you want to set it up yourself, I have one here you can clone.

About

Ktor API which acts as a resource server in an oauth2.0 client credentials grant/flow

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages