Getting Started

All three Plan B components can be easily built and started locally. You will need:

• Java 8 JDK for Provider and Revocation Service
• Go 1.6 for Token Info
• Cassandra 2.1 for Provider and Revocation Service (can be started as Docker container)

Follow the README instructions in the respective repositories to build the components:

• https://github.com/zalando/planb-provider
• https://github.com/zalando/planb-tokeninfo
• https://github.com/zalando/planb-revocation

Start Cassandra and create the necessary keyspaces for Provider and Revocation (we assume source was checked out into planb-provider and planb-revocation):

$ docker run --name cassandra -d -p 9042:9042 cassandra:2.1
$ docker run -i --link cassandra:cassandra --rm cassandra:2.1 cqlsh cassandra < planb-provider/schema.cql
$ docker run -i --link cassandra:cassandra --rm cassandra:2.1 cqlsh cassandra < planb-revocation/schema.cql

You can use the generate-load-test-data.py script to generate a test key pair and test credentials:

$ sudo pip3 install bcrypt # install required Python module to hash passwords
$ ./planb-provider/scripts/generate-load-test-data.py > test-data.cql
$ docker run -i --link cassandra:cassandra --rm cassandra:2.1 cqlsh cassandra < test-data.cql

This will create a bunch of test service users and clients, e.g.:

• username “test0” and password “test0”
• client ID “test0” and client secret “test0”

Now start the Provider (default port 8080) and Token Info (default port 9021).

$ export OAUTH2_ACCESS_TOKENS=customerLogin=test             # fixed OAuth test token (unused)
$ export TOKENINFO_URL=https://example.com/oauth2/tokeninfo  # required for /raw-sync REST API (unused here)
$ java -jar planb-provider/target/planb-provider-1.0-SNAPSHOT.jar &

$ export OPENID_PROVIDER_CONFIGURATION_URL=http://localhost:8080/.well-known/openid-configuration
$ export UPSTREAM_TOKENINFO_URL=https://auth.example.org/oauth2/tokeninfo
$ export REVOCATION_PROVIDER_URL=https://planb-revocation.example.org/revocations
$ $GOPATH/bin/planb-tokeninfo

Let’s first check that our OpenID Provider runs and contains at least one test key pair:

$ curl http://localhost:8080/.well-known/openid-configuration # should contain jwks_uri
$ curl http://localhost:8080/oauth2/connect/keys # should return at least one public key

We can create a new JWT token with cURL:

$ curl -u test0:test0 \
  -d 'grant_type=password&username=test0&password=test0' \
  http://localhost:8080/oauth2/access_token?realm=/services

Afterwards we can validate the JWT using the Token Info:

$ TOKEN=... # insert "access_token" value from above
$ curl -H "Authorization: Bearer $TOKEN" http://localhost:9021/oauth2/tokeninfo