Slides of a flashtalk given at Xplore Group on the 4th of May 2017. It covers Fabric8, Neo4j, GraphQL and OpenID Connect.
Demo applications can be found at: https://github.com/XT-i/flashtalk-demo-neo4j-graphql-openid-connect
2. “fabric8 is an opinionated open source Microservices Platform based
on Docker, Kubernetes and Jenkins”
3. Getting started
• Local installation
• Use VirtualBox instead of Hyper-V as the VM driver
• Uses Minikube to set up a local Kubernetes cluster in a virtual machine
• Default services
• Fabric8 console
• Jenkins
• Gogs
• Nexus
13. GraphQL
GraphQL is a query language for your API, and a server-side
runtime for executing queries by using a type system you
define for your data. GraphQL isn't tied to any specific
database or storage engine and is instead backed by your
existing code and data.
19. OpenID Connect is a simple identity layer on top of the OAuth 2.0
protocol, which allows computing clients to verify the identity of an
end-user based on the authentication performed by an authorization
server, as well as to obtain basic profile information about the end-
user in an interoperable and REST-like manner.
-- Wikipedia --
22. OpenID Terminology
• Relying Party (RP) = Client
• Identity Provider (IdP) or OpenID Provider (OP) = Authorization Server
• Access Token: OAuth2 token providing a client access to one or more
resources on the Resource Server
• ID Token: Used by OpenID (usually a signed JWT token), contains user
information or Claims
• Scope: The information that will be exposed to the Client. In OpenID
this might be reflected as a set of Claims
23. ID Token
• Identity of the user (subject)
• The Identity Provider (iss)
• Audience or Client (aud)
• An optional nonce (nonce)
• Optional authentication time (auth_time)
• Optional strength of authentication (acr)
• Issue date (iat)
• Expiration date (exp)
• Optional additional claims or user info
• Is signed
• Can be encrypted
• Encoded using Base64 for use in URLs, ...
27. Endpoints
• Authorization endpoint
• Authentication of Resource Owner (user)
• Grants the Client access to the ID token
• Token endpoint
• Provides the Client with the ID token after the client id, secret and
authorization code have been verified
• Authorization Code != access token (it is temporary)
• User Info endpoint
• Returns the UserInfo associated with an access token (possibly as JWT token)
28. Setting up an Identity Provider
• Google
• Connect2Id:
• https://connect2id.com/products/server/docs/quick-start
• https://connect2id.com/products/server/docs/config/core
• Enable open client registration for testing
• Allow non-SSL redirectUrls for testing on localhost
• https://connect2id.com/products/server/docs/guides/client-registration