Support for OAuth 2.0 HTTP authentication. This is intended to be used with primarily following use-cases in mind:

Create a protected resource
Create a authenticating server
Create a web client accessing protected resources

It is very simple to create an OAuth server with just a few lines of code. It is also possible to implement a custom back end for data storage and retrieval. The default implementation stores only to memory, so a JVM restart flushes all data.

{
  @code
  public Restlet createInboundRoot(){
    ...
    OAuthAuthorizer auth = new OAuthAuthorizer(
      "http://localhost:8080/OAuth2Provider/validate");
    auth.setNext(ProtectedResource.class);
    router.attach("/me", auth);
    ...
  }
}

Example 1. Creating a Protected Resource

{
  @code
  OAuthParameter params = new OAuthParameters("clientId", "clientSecret",
    oauthURL, "scope1 scope2");
    OAuthProxy proxy = new OauthProxy(params, getContext(), true);
    proxy.setNext(DummyResource.class);
    router.attach("/write", write);
     
    //A Slightly more advanced example that also sets some SSL client parameters
    Client client = new Client(Protocol.HTTPS);
    Context c = new Context();
    client.setContext(c);
    c.getParameters().add("truststorePath", "pathToKeyStoreFile");
    c.getParameters(0.add("truststorePassword", "password");
    OAuthParameter params = new OAuthParameters("clientId", "clientSecret",
    oauthURL, "scope1 scope2");
    OAuthProxy proxy = new OauthProxy(params, getContext(), true, client);
    proxy.setNext(DummyResource.class);
    router.attach("/write", write);   
}

Example 2. Creating a Proxies to access protected resources

@since Restlet 2.1 @author Kristoffer Gronowski @author Martin Svensson @see OAuth @see OAuth 2 draft 10 @see User Guide - OAuth extension