OAuth 2.0 is an authorization framework that enables applications to obtain limited access to user accounts on HTTP services like Facebook and GitHub. It works by delegating user authentication to the service hosting the user account and authorizing third-party applications to access the user account with the user's permission. The document then provides steps for implementing OAuth 2.0 authorization in a Grails application, including adding plugins, generating domain classes, configuring authorization rules and scopes, and performing the authorization code grant flow.

1. OAUTH 2.0

2. What is OAuth
OAuth 2 is an authorization framework that
enables applications to obtain limited
access to user accounts on an HTTP
service, such as Facebook, GitHub, and
DigitalOcean. It works by delegating user
authentication to the service that hosts the
user account, and authorizing third-party
applications to access the user account.

3. How to work

4. Lets start building an app with OAuth

5. Add plugin in
buildConfig.groovy
compile ":spring-security-oauth2-
provider:2.0-RC5"

6. Domain Classes
Run this script
grails s2-init-oauth2-provider <package>
<client> <authorization-code> <access-
token> <refresh-token>

7. Config.groovy
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
[pattern: '/oauth/authorize', access: "isFullyAuthenticated() and
(request.getMethod().equals('GET') or
request.getMethod().equals('POST'))"],
[pattern: '/oauth/token', access: "isFullyAuthenticated() and
request.getMethod().equals('POST')"],
]

8. grails.plugin.springsecurity.filterChain.chainM
ap = [
[pattern: '/oauth/token', filters:
'JOINED_FILTERS,-oauth2ProviderFilter,-
securityContextPersistenceFilter,-
logoutFilter,-
authenticationProcessingFilter,-
rememberMeAuthenticationFilter,-
exceptionTranslationFilter'],
[pattern: '/securedOAuth2Resources/**',

9. Add User
Role roleUser = new Role(authority:
'ROLE_USER').save(flush: true)
User user = new User(
username: 'user1',
password: 'user1',
enabled: true,
accountExpired: false,

10. Add Client
new RestClient(
clientId: 'AskMeBazaar',
authorizedGrantTypes:
['authorization_code', 'refresh_token',
'implicit', 'password', 'client_credentials'],
authorities: ['ROLE_CLIENT'],
scopes: ['read', 'write'],
redirectUris: ['path of your
application where u want to render the auth

11. Authorization Code
Grant
http://localhost:8080/oauth2-
test/oauth/authorize?
response_type=code&client_id=my-
client&scope=read

12. Redirect
http://myredirect.com/?code=139R59

13. Using HTTP Basic for client
authentication
curl -X POST
-d "client_id=my-client"
-d "grant_type=authorization_code"
-d "code=139R59" http://localhost:8080/oauth2-
test/oauth/token

14. receive the access token in the response
access_token": "a1ce2915-8d79-4961-8abb-2c6f0fdb4aba",
"token_type": "bearer",
"refresh_token": "6540222d-0fb9-4b01-8d45-7be2bdfb68f9",
"expires_in": 43199,
"scope": "read"

15. References

https://developers.google.com/identity/protocol

https://www.digitalocean.com/community/tutoria

https://grails.org/plugins/tag/oauth2