Access and Refresh Tokens as Macaroons - Example Code

1. Access and Refresh Tokens as Macaroons - Example Code

Samuel Valdes Gutierrez 02-24-2022 08:20

Hi all,

Quick question. Currently, I am working on developing a Proof of Concept solution with my university and a private company for a specific service. What we are digging into is the possibility to implement macaroons tokens (Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud – Google Research) as access and refresh tokens using your services. Looking into your Platform I have seen some posts where you have this Beta feature implemented. Do you have any example code I can further so I can analyze the possibility of leveraging your solutions for this PoC I am working with?

Regards,

Samuel


Samuel Valdes Gutierrez

2. RE: Access and Refresh Tokens as Macaroons - Example Code

Cyril Grosjean

Hi Samuel,

This feature is not in beta, it’s fully supported, at least in version 7.1 of our platform. As a 1st step, did you check this documentation: ForgeRock Access Management 7.1.2 > OAuth 2.0 Guide > Macaroons as Access and Refresh Tokens ?


Cyril Grosjean

3. RE: Access and Refresh Tokens as Macaroons - Example Code

Samuel Valdes Gutierrez

Posted 03-09-2022 06:33

Hi Cyril,

Many thanks for your reply. So I check the link you sent me, before posting here. Thought after reading some blogs from Neil Madden, this feature was a still Beta. My bad.

Anyway, I am wondering how I can introduce myself with some kind of tutorial with AM solution and how I can implement an Authorization server. On my project I am creating a client server with ReactJS (Javascript) and a resource server with FastAPI (python). After reviewing the a blog from Neil Madden (Macaroon access tokens for OAuth: Part 2 – transactional auth - DEV Community), he mention he has some example code on there. Wondering if you can share that code to try to implement what I am doing with AM solution.

Regards,

Samuel


Samuel Valdes Gutierrez