Securing your SPARQL Endpoint via OAuth

SPARQL endpoints are easy for random visitors to accidentally overload. Virtuoso allows you to secure your SPARQL endpoint against such abuses in various ways, including OAuth.

Sample scenario

The following sample scenario demonstrates the OAuth keys and Protected SPARQL Endpoint features of the Virtuoso Auth UI:

1. Download and install the conductor_dav.vad and ods_framework_dav.vad packages.
2. Go to http://<cname>:<port>/conductor, where <cname>:<port> are replaced by your local server values.
3. Log in as user "dba" or another user with DBA privileges
4. Go to System Admin-> User Accounts:
   
   
   
   
5. Click "Create New Account":
   
   
   
   
6. In the presented form enter respectively:
   • Account name, for ex:demo1; enter password and then confirm it;
   • User type: SQL/ODBC and WebDAV
   • Account role: SPARQL_UPDATE
     
     
     
     
7. Click "Save".
8. The created user should be shown in the list of registered users:
   
   
   
   
9. Go to http://<cname>:<port>/oauth/, where <cname>:<port> are replaced by your local server values.
   
   
   
   
10. Click the "OAuth Keys" link:
    
    
    
    
11. Log in as user demo1:
    
    
    
    
12. The OAuth application registration form will be shown.
    
    
    
    
13. Select SPARQL from the "Application name" list, and click the "Generate Keys" button.
14. A Consumer Key for SPARQL will be generated:
    

    
    90baa79108b1d972525bacc76c0279c02d6421e8
    

    
    
    
    
    
    
15. Click the "Back to main menu" link.
    
    
    
    
16. Click the "Protected SPARQL Endpoint" link.
17. The OpenLink Virtuoso SPARQL Query form will be shown:
    
    
    
    
    
    
    
    
18. Enter a simple query, for ex:
    

    
    SELECT * 
    WHERE 
      {
        ?s ?p ?o
      }
    LIMIT 10
    

    
    
19. For "OAuth token", enter the Consumer Key value which was generated above, i.e.,
    

    
    90baa79108b1d972525bacc76c0279c02d6421e8
    

    
    
    
    
    
    
20. Click the "Run Query" button.
21. In the OAuth Authorization Service form, enter the password for user demo1 and click the "Login" button.
    
    
    
    
22. Next you should authorize the request:
    
    
    
    
23. On successful authentication and authorization, the query results should be shown:
    
    
    
    

Related

• OpenLink's explanation of OAuth
• Virtuoso OAuth server
• Using OAuth with ODS
• ODS Ubiquity Commands
• Virtuoso OAuth Implementation
• ODS Controllers
• Testing Virtuoso OAuth with 3rd Party OAuth Clients
• OAuth Ubiquity Tutorial
• Virtuoso OAuth Test Tool for ODS Controllers
• ODS Ubiquity Tutorials
• OAuth Applications Authentication examples
• OAuth API
• Virtuoso Authentication Server UI.
• WebID Protocol & SPARQL Endpoint ACLs Tutorial
• Generate an X.509 Certificate hosted WebID Guide
• Use WebID Protocol for enhanced ODS-Briefcase (WebDAV) Access Control Lists (ACLs)
• ODS Briefcase WebID Protocol Share File Guide
• WebID Protocol Support in OpenLink Data Spaces.
• Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates.
• CA Keys Import using Conductor
• Setting up PubSubHub in ODS
• PubSubHubBub Demo Client Example
• Feed subscription via PubSubHub protocol Example
• Setting Up PubSubHub to use WebID Protocol or IP based control lists
• Complete list of supported oauth~* parameters as per the OAuth Specification