Week 8 : Eureka!!!! Authorization Server migrated to OAuth2 module

I have finally managed to set up the authorization server completely inside the OAuth2 module.

The token endpoint being used by the module is : /ws/oauth.token and it is completely functional. Here is a screen shot of a sample access token obtained by a client using the OAuth2 module :

OAuth2 module token endpoint

see the browser URL on the RHS of the screen

From here, it should be easy to persist tokens and authorization code in the mysql database.

I am currently working on a video demo to show the OAuth2 module issuing tokens. It could not be posted last Monday due to a lot of bugs that popped up while integrating the Authorization Server. It will be up for sure this Monday 🙂

I am now proceeding with the tasks mentioned in step 2 of the previous blog post.

Wish me luck 😀

Week 7 : Authorization Server from within the OAuth2 module

Good news is that spring-security is working well with the OAuth2 module.

I can intercept any OpenMRS URI and apply spring security filters to handle user authentication and authorization 🙂

I am proceeding with adding the spring security oauth project. I am working on a demo video to demonstrate how spring-security-oauth will work with the OAuth module. I’ll be posting it soon.

The tasks for this week are :

  • Step 1 : integrate the mid term demo inside OAuth2 module
    • progress :
      • Spring security works fine, tested to intercept all requests to FHIR module
      • set up wireframe and using OAuth2 InMemoryDataStores
      • TeamViewer session
    • Target
      • June 12, 2015 mid-night
  • Step 2 : provide custom implementation for the following
    • UserDetailsService and UserDetails (spring-security-core)
      • map to existing users table to verify user credentials
    • ClientDetailsUserService and ClientDetails (spring-security-oauth)
      • map to read data from oauth_clients table
    • TokenStore
      • custom implementation of JdbcTokenStore class to persist tokens in mysql database
  • Step 3 : Authorization code and Implicit grant type
    • confirm_access i.e /authorize endpoint
      • configure in <authorization_server> to show custom jsp page
  • Step 4 : custom form-login
    • Need to show OpenMRS login page to client or a similar looking page
    • Possible Challenge : linking spring security login with normal login
      • Requirement : symmetric relation
        • normal login should register a new spring security login
        • spring security login should register a normal login
      • Need to know how normal login works. Any extension point? preferably do not modify code of core
      • Alternative:
        • keep logins separate

Week 6 : Integration of Spring Security OAuth

So Apache OLTU does not come with any user support. Any bugs that might show up on using it with the OAuth module would have to be fixed by us.

After discussions with Harsha, Suranga and on Talk, we have decided to give Spring Security OAuth a go. There are compatibility issues when using this project with Spring 3.1 or lower, hence supporting spring security oauth on openmrs 1.10 and lower is going to be a challenge.

As of now, I am working on completely providing OAuth2 support on openmrs 1.11.x and above by integrating the spring security oauth project. Once done, I will proceed to extend this support to 1.9.x and 1.10.x so that the OAuth2 module can work in parallel with the FHIR module.

Week 5 : Mid-Term Presentation time

Continuing from the previous post

I was able to fix the URI template issue. Turns out, all I needed to do was append a ‘.form’ at the end of every URL I send a request to.

We had to submit our mid-term presentation this week. Here is the mid-term presentation for the OAuth2 module

Here is the Talk post : https://talk.openmrs.org/t/gsoc-2015-oauth2-support-for-web-services-apis-midterm-presentation/2284

There are some alternatives to the spring-security-oauth project that I am considering, mainly because of the compatibility issues associated with it. OpenMRS 1.10 uses Spring 3.0.5.RELEASE while the spring-security-oauth project requires at least Spring 3.1.1.RELEASE.

I will be testing the module with Apache OLTU and OAuth Apis. Hopefully something works out. If not, I would be happy to code the OAuth2 api from scratch for the module.

I will start migrating the prototype to the final repo on Harsha’s Github profile.

I have been using some really amazing tools for developing the prototype. If you are looking for some cool, free and easy to use project management tools, I’d recommend Axosoft and Trello. You need just 5 minutes to get started with these.

To give you a feel for the UX, here’s what Axosoft’s dashboard looks like :

Axosoft project used for developing the OAuth2 prototype

And Drumroll…… Here’s a Trello board :

Trello Board used for developing the OAuth2 prototype

This week I also translated a bunch of words in Hindi for the OpenMRS iOS client. It was fun trying to figure out Hindi typing on an ASCII keyboard.

Here’s the talk post where you can find the translated resources.

https://talk.openmrs.org/t/contribute-to-translating-openmrs-ios-app/2226/25

Week 4 : Implementing the Omod Layer

Hi

I will pick up where I left off last week. The 2 major tasks this week were to complete client registrations and implement the spring security oauth2 project. I am through with the registration part. Some work is required for smooth integration of the spring security oauth project. One major blocker is that URI templates and @PathVariable are not functioning properly. If this fails, I will pass all the information as query parameters and use @RequestParam instead. It would be interesting though to find out what exactly fixes this. I am trying out the suggestions on talk 😀

Mid term evaluations begin next week. I plan to get the part till Authorization Code Grant Type up and running. If time permits, I would love to demonstrate the prototype’s functionality with the FHIR module. 😀

So this week I am focusing on integrating the spring security oauth project 😀

Signing off for now !!

Week 3 Updates on OAuth2 module

Here is the weekly dev report :

  • Initially I faced bugs introducing @Transactional annotations in the project.
  • Tests, Service Layer and Dao complete for client registrations.
  • Prototype will be done and ready for testing in the next 3 days.
  • I will be studying UI Framework and some Groovy to make the module comply with the new UI. Here’s a talk post regarding that : https://talk.openmrs.org/t/openmrs-2-x-ui-support-for-oauth-module/2165
  • The spring security oauth project looks good to incorporate in the project. I have studied the documentation and will be adding the API to the OAuth module today. If it does not work out (the most likely cause is version incompatibility between the Spring in openmrs-core 1.10 and the Spring framework used by the project), I will still use a similar architecture to the spring security oauth project so that in future we could support it.

I attended the developer’s forum this week to understand the challenges that would be faced when upgrading the module to work with OpenMRS 2.x. It was good to understand that not much is required to change to Hibernate 4, Spring 4.x and Java 8 (unless using advanced language features like generics).

This week I plan to complete the prototype and make a video demonstration. It is not a big task if the spring oauth project is seamlessly incorporated. Fingers crossed 🙂

Spring Oauth Project might be on the way!!

This week I have completed setting up the architecture of the Oauth module. I added sample data and tests for the service layer. I devoted more time to the prototype.

As I am developing both the prototype and the final module in parallel, I often have to switch between JDK 7 and JDK 8.

One major blocker was that, while testing the prototype, Hibernate was not able to map annotated classes. I was able to fix it by modifying the classpath for test resources in IntelliJ IDEA’s project settings. I’m not a very experienced tester, but it’s a bit strange to see that the IDE is affecting development. I always believed that the choice of IDE and the product developed/tested should be independent of each other.

Read more about how I resolved it here

  1. Talk thread
  2. Question on Ask 

Anyway, the coming week is pretty important and I am excited to try out the Spring Security Oauth project and figure out how to integrate it with the current development plans. This would incredibly reduce the development time and also make it easy to contribute to the oauth module as we would be using a standard spring project. 🙂

Harsha and I are planning to move the JIRA project tickets into weekly or bi-weekly sprints from this week or the next. I have drafted a sample Sprint Schedule that we could follow.

  • Sprint 1 : Client Registration (1 week)
  • Sprint 1 : Set-up Spring OAuth, tokens, (^ same week)
  • Sprint 2 : Authorization Code and Implicit Grant Type (2 weeks)
  • Sprint 3 : Client Credentials and Resource Owner Password Credentials GT (1 week)
  • Sprint 4 : Testing, Documentation, Bug Fixes + OAuth Client

Looking forward to another productive week 😀

Full Throttle Development begins now!

My exams ended on 30 May finally. I could not do much last week. So I have planned to cover up for the time lost this week.

I will be working on the prototype and the main repo side by side. So you can expect a large number of commits this week.

My target this week is to complete the Client Registration part for the main repo.

No Blockers yet, except for the tests not running with hibernate.

Looking forward to an amazing dev_mode week 🙂 \m/

Some links for fellow interns : https://issues.openmrs.org/secure/ShowConstantsHelp.jspa?decorator=popup#PriorityLevels

Coding Begins!!

The official coding period for GSoC 2015 has started 😀

I am pretty excited for the OAuth module. We now have a JIRA project as well : https://issues.openmrs.org/browse/OA

This week was productive in terms of deciding the scope of the module. I took part in the Design Call on 18 May to discuss the OAuth module with the developers. Here are the slides from the presentation: Slides - OAuth module Design Call.

There is a thread on OpenMRS talk where the discussion is being continued : OpenMRS Talk thread : OAuth2 support in RESTWS

I will be following this timeline for developing the OAuth module : OAuth2 Module Development Timeline

Also the FHIR module version 0.9 has been released. Hats off to all the contributors. It does feel good to have worked on the FHIR module. I will be continuing my contributions here as well 😀

The coming week is lined up with final exams ( 1 exam everyday ) and hence I would be taking some time off the coding period. I will resume development from 30th May and you can expect some really cool stuff coming along this summer 🙂 \m/

Prototype, Design Call and Client

So there’s not much work left on the prototype. I am facing hibernate mapping issues in my tests. Hopefully they get fixed soon so I can focus on the smaller tasks left (a UI form and controller).

I am excited to get a chance to discuss the project with the developers on tomorrow’s Design Call. The input from the dev team would really help me to better understand their expectations from this project and I’d also get some useful tips to proceed 🙂

After a lot of thought and discussion with the mentors, we have concluded that designing a Generic Client is not very feasible. After chasing the Oauth Server, which is the primary goal of this project, I plan to follow a 1 interface per OAuth Client approach to design the Client. More details on this after the Design call tomorrow.

My blog about the Testing Framework of OpenMRS is due. I feel I should do that once the current bugs in the testing of the prototype are fixed. I’d put it up on the first week of GSoC.

Lastly, my exams are real close. My activity is going to drop during 20-30 May. But I am really pumped to cover all the time lost by putting in extra effort when I resume \m/