Wonderwalled

Walled in by the wonderful Wonderwall

Basic toy API in Ktor that showcases usage of Wonderwall from a backend application's point of view. This is not a production-ready application.

Requires (almost) all requests received to contain a Bearer token issued by the configured Identity Provider.

Azure AD:

Expects the token to contain a claim aud with a value that matches the client ID of the application's client.
Supports the On-Behalf-Of flow.
Supports the Client Credentials flow.

ID-porten:

Expects the token to contain a claim aud with a value that matches the client ID of the application's client.
Supports Token Exchange using TokenX.

Maskinporten:

Requires login with Azure AD.
API for fetching machine-to-machine tokens from Maskinporten.

Endpoints

Common endpoints for all identity providers:

/internal/* - unauthenticated
- GET /internal/is_alive
- GET /internal/is_ready
/api/* - requires a Bearer JWT access token in the Authorization header
- GET /api/headers - prints all headers in the request
- GET /api/me - prints all claims for the authenticated user's token

Endpoints for wonderwalled-azure

/api/* - requires a Bearer JWT access token in the Authorization header
- GET /api/obo?aud=<cluster>:<namespace>:<app> - exchanges the authenticated user's token for the given aud (audience)
- GET /api/m2m?aud=<cluster>:<namespace>:<app> - returns a machine-to-machine token for the given aud (audience)

Endpoints for wonderwalled-idporten

/api/* - requires a Bearer JWT access token in the Authorization header
- GET /api/obo?aud=<cluster>:<namespace>:<app> - exchanges the authenticated user's token for the given aud (audience)

Endpoints for wonderwalled-maskinporten

/api/* - requires a Bearer JWT access token in the Authorization header
- GET /api/token[?scope=nav:test/api] - returns a machine-to-machine token with the given scope
- GET /api/introspect[?scope=nav:test/api] - returns the introspection result for a machine-to-machine token with the given scope

Development

Requires JDK installed, minimum version 21.

make azure

or

make idporten

or

make maskinporten

This starts up required dependencies with docker-compose:

wonderwall @ http://localhost:4000 (reverse proxy for openid connect)
texas @ http://localhost:3000 (token exchange / introspection service)
mock-oauth2-server @ http://localhost:7070 (mock identity provider)

and then runs Wonderwalled for the chosen identity provider.

Visit the endpoints at localhost:4000 (i.e. via Wonderwall as a reverse proxy):

Name		Name	Last commit message	Last commit date
Latest commit History 230 Commits
.github		.github
.nais		.nais
azure-token-generator		azure-token-generator
gradle/wrapper		gradle/wrapper
tokenx-token-generator		tokenx-token-generator
wonderwalled-azure		wonderwalled-azure
wonderwalled-common/src/main/kotlin/io/nais/common		wonderwalled-common/src/main/kotlin/io/nais/common
wonderwalled-idporten		wonderwalled-idporten
wonderwalled-maskinporten		wonderwalled-maskinporten
.gitignore		.gitignore
CODEOWNERS		CODEOWNERS
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
build.gradle.kts		build.gradle.kts
docker-compose.yml		docker-compose.yml
gradlew		gradlew
gradlew.bat		gradlew.bat
settings.gradle		settings.gradle

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Wonderwalled

Endpoints

Endpoints for wonderwalled-azure

Endpoints for wonderwalled-idporten

Endpoints for wonderwalled-maskinporten

Development

About

Uh oh!

Releases

Packages

Uh oh!

Uh oh!

Contributors 6

Uh oh!

Languages

License

nais/wonderwalled

Folders and files

Latest commit

History

Repository files navigation

Wonderwalled

Endpoints

Endpoints for wonderwalled-azure

Endpoints for wonderwalled-idporten

Endpoints for wonderwalled-maskinporten

Development

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Uh oh!

Contributors 6

Uh oh!

Languages

Packages