Questions tagged [spring-oauth2]

0

votes
0

answer
2

Views

Customization of TokenEndpoint in Spring OAuth2

I would like to provide a custom implementation of the TokenEndpoint class in Spring framework. I've copied over the TokenEndpoint class of spring and have made my changes to the required places. But when the application starts, I'm always getting the error Caused by: java.lang.IllegalStateException...
Athomas
1

votes
2

answer
1.7k

Views

Cannot inject LoadBalanced annotated OAuth2RestTemplate

I am using Spring Cloud Angel.SR4. My Configuration class for creating an OAuth2RestTemplate bean is as follows: @Configuration public class OAuthClientConfiguration { @Autowired private MyClientCredentialsResourceDetails resource; public OAuthClientConfiguration() { } @Bean @Qualifier('MyOAuthRestT...
Armin Balalaie
0

votes
0

answer
3

Views

How to disable default Spring OAuth2 REST APIs?

We use the following version of spring-security-oauth2: org.springframework.security.oauth spring-security-oauth2 2.0.11.RELEASE When enabling the authorizationserver and configuring it, the framework enables default APIs like '/oauth/check_token' or '/oauth/token_key'. I don't use these APIs (exce...
dso
1

votes
2

answer
1.2k

Views

How can Spring add a new _csrf token to a session variable?

When someone does a POST to /oauth/authorize in Spring OAuth2 (Source code for the API at this link), the CSRF token is updated at the server. What specific code syntax can be used to: 1.) Access the newly minted CSRF token in code? 2.) Assign a copy of the newly minted CSRF token to an inert sess...
CodeMed
1

votes
1

answer
578

Views

How to store facebook authenticated user in DB?

I tried to implement this tutorial https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout This is my application config(spring boot) @Configuration @ComponentScan(basePackages = {'org.fiodorov.controller','org.fiodorov.service', 'org.fiodorov.config'}) @EntityScan(basePackages =...
Filosssof
1

votes
2

answer
1k

Views

Spring OAuth - Reload resourceIds and authorities of authentication

I just apply Spring Boot and Spring Cloud to build a microservice system. And I also apply Spring Oauth to it. Honestly, everything is perfect. Spring does a great job in it. In this system, I have a microservice project that does the job of an OAuth server, using JDBC datasource, and I am using Permission...
Nguyen Minh Dung
1

votes
2

answer
1.2k

Views

Return RESTful/json response instead of login form in Spring boot OAUTH2

I'm struggling to return a json response when the user is not logged in, instead of returning a html login form. The application is only using @RestController's and I do not want any web support. http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .and() .httpBasic().disabl...
Kramer
1

votes
1

answer
296

Views

Spring oauth2 and digest authentication will work together

I have added spring oauth2 into my restful service. Most of the services are consumed by my own portal so getting the token then calling the api is fine. However, I have exposed some more web services which have to be called without this token concept. Those consumers have username and password. The b...
Kanagavelu Sugumar
1

votes
2

answer
1.4k

Views

Spring OAuth authorization server and resource server on different servers

I am trying to configure spring boot authorization and resource server, each on a different server. The tutorial doesn't explain how exactly to configure the resource and authorization server on different servers. If your Resource Server is a separate application then you have to make sure you...
Adelin
0

votes
1

answer
23

Views

Spring Oauth2 Authorization server User Info Endpoint with multiple grant_type not working

I have an authorization server which has an inbuilt DB Authentication manager. Here are the configurations. AuthConfig.java @Configuration @EnableAuthorizationServer public class AuthConfig extends AuthorizationServerConfigurerAdapter { @Autowired @Qualifier('authenticationManagerBean') private Authenticati...
Karthik Prasad
1

votes
2

answer
54

Views

Spring OAuth2 - Authorization Server - Differentiate users on clients

I'm stuck with my application. It sounds simple: I have two clients registered on my OAuth AuthorizationServer and two users. User alpha can access both apps ('androidapp' and 'angularapp'), but user beta can only access one of these applications (only 'angularapp'). How can I differentiate the...
iizAck
1

votes
1

answer
305

Views

Retrieving facebook profile infos with spring-security-oauth2-client

I'm trying to set up a project with facebook login and retrieve some profile info of the users on connection. Context: Spring Boot : 2.0.0.RC1 Spring Security Oauth2 Client : 5.0.2.RELEASE Everything is working well and I'm able to connect users via facebook, my problem is that facebook is retrievi...
omahjoub
1

votes
2

answer
2.4k

Views

How do I wire up spring oauth using spring eureka?

I have created a Single Page Application using the Spring Tutorial for making one with AngularJS and OAuth and such found here: https://spring.io/guides/tutorials/spring-security-and-angular-js/#_multiple_ui_applications_and_a_gateway_single_page_application_with_spring_and_angular_js_part_vi This i...
Ian Neethling
29

votes
3

answer
1.4k

Views

Official Spring security oauth2 example doesn't work because of cookies clashing (authorization code mechanism)

According to the tutorial Spring Boot and OAuth2 I have the following project structure: And the following source code: SocialApplication.class: @SpringBootApplication @RestController @EnableOAuth2Client @EnableAuthorizationServer @Order(200) public class SocialApplication extends WebSecurityConfigurerAdapter...
gstackoverflow
3

votes
1

answer
2.1k

Views

Spring OAuth2.0 - Dynamically register OAuth2.0 client

I am working on setting up an OAuth2.0 authorization server using Spring security. I want to know if there is a way to dynamically register an OAuth2.0 client after the OAuth2.0 authorization server is up and running? Basically, I know that I can register a client while configuring the OAuth2.0 serv...
sunsin1985
1

votes
1

answer
5.5k

Views

Using WebSecurityConfigurerAdapter with Spring OAuth2 and user-info-uri

I have created an Authorization service as follows @SpringBootApplication @EnableAuthorizationServer public class AuthorizationApplication { ... } With this application.properties. server.port=9000 security.oauth2.client.client-id=monederobingo security.oauth2.client.client-secret=monederobingosecre...
alayor
18

votes
6

answer
33.7k

Views

How to get custom user info from OAuth2 authorization server /user endpoint

I have a resource server configured with @EnableResourceServer annotation and it refers to authorization server via user-info-uri parameter as follows: security: oauth2: resource: user-info-uri: http://localhost:9001/user Authorization server /user endpoint returns an extension of org.springframewor...
Sergey Pauk
5

votes
3

answer
6.4k

Views

Spring Boot: Oauth2: Access is denied (user is anonymous); redirecting to authentication entry point

I am trying to use spring boot oauth2 to accomplish stateless authentication and authorisation. However, I am struggling to get it working. Here is my code: @EnableAutoConfiguration @ComponentScan //@EnableEurekaClient //@EnableZuulProxy @Configuration public class AuthServiceApp { public static void ma...
cosmos
5

votes
2

answer
1.7k

Views

SpringSecurity WithSecurityContext MockMvc OAuth2 always unauthorised

I have followed the following links to try and test OAuth2 @PreAuthorise(hasAnyRole('ADMIN', 'TEST') for example but I can't get any of the tests to pass or even authenticate. When I try to access the end point with admin (or any role) it will never authenticate properly. Am I missing something obvious...
revilo
22

votes
3

answer
1.3k

Views

Official Spring security oauth2 example doesn't work (authorization code mechanism)

According to the tutorial Spring Boot and OAuth2 I have the following project structure: And the following source code: SocialApplication.class: @SpringBootApplication @RestController @EnableOAuth2Client @EnableAuthorizationServer @Order(200) public class SocialApplication extends WebSecurityConfigurerAdapter...
gstackoverflow
4

votes
1

answer
755

Views

spring-cloud: Disable CSRF

Tried disabling CSRF in the edge/zuul with http.csrf().disable(). But still csrfFilter is available in filter chain @ position 4. I even have set property spring.enableCsrf: false. Still the csrfFilter kicks in and my ajax requests get 403 error. How to disable CSRF with Zuul and external OAuth serv...
Ahamed Mustafa M
4

votes
1

answer
484

Views

How can I redirect requests from the root context “/” to custom configured “server.context-path”

I have a simple Spring Boot web app which is configured with @EnableAuthorizationServer. It is configured with server.context-path=/uaa and everything works as expected. However, when I hit the app at the URL http://localhost, I get a 404. I want to redirect those requests to http://localhost/uaa. I...
Michael Pridemore
4

votes
3

answer
3.1k

Views

Store token from OAuth2 server in cookie using Spring OAuth

Is there any configuration provided by Spring OAuth2 that does the creation of a cookie with the opaque or JWT token? The configuration that I've found on the Internet so far describes the creation of an Authorization Server and a client for it. In my case the client is a gateway with an Angular 4 a...
Juan Vega
4

votes
2

answer
1.1k

Views

Getting 404 after oauth2 authentication success and an anonymous token

I am using oauth2 with springboot 1.5.6.RELEASE and I am using jdbc authentication with oauth2. I added the property: security.oauth2.resource.filter-order = 3 1- AuthorizationServerConfigurerAdapter: @Configuration @EnableAuthorizationServer public class OAuth2Config extends AuthorizationServerConf...
Mahmoud Saleh
22

votes
1

answer
10.1k

Views

Relation between WebSecurityConfigurerAdapter and ResourceServerConfigurerAdapter

I'm trying to integrate Spring OAuth2 into Spring MVC REST. In most of the Spring OAuth2 examples, there is only ResourceServerConfigurerAdapter and some have WebSecurityConfigurerAdapter as well. I'm not going to integrate OAuth with Google, Facebook, etc. I'm trying to provide a token based authen...
sura2k
3

votes
2

answer
9.2k

Views

How to autowire this TokenStore

How do I trigger auto-logout of this sample Spring Boot OAuth2 app? I tried adding the following code from an answer to this other posting into a new controller class in the demo package of the authserver app: package demo; import javax.servlet.http.HttpServletRequest; import org.springframework....
CodeMed
5

votes
1

answer
934

Views

how to integrate regular username/password login with 3rd party social login for a Spring Boot + Angular single page web app?

I have an Angular + Spring boot single page web app. The server also acts as an Auth Server which issues tokens for the angular app to use to make Restful API calls. My old login flow uses a grant_type=password POST call to the /oauth/token endpoint to get a Bearer token. And all further API calls on...
Quan Ding
12

votes
3

answer
993

Views

How to logout oauth2 client in Spring?

I have the simplest oauth2 client: @EnableAutoConfiguration @Configuration @EnableOAuth2Sso @RestController public class ClientApplication { @RequestMapping('/') public String home(Principal user, HttpServletRequest request, HttpServletResponse response) throws ServletException { return 'Hell...
gstackoverflow
4

votes
1

answer
1.8k

Views

TokenEndpoint : Handling Null Pointer Exception

I've tried requesting a code from my oauth2 server by executing this command through curl curl -X POST -k -vu clientapp:123456 http://localhost:8080/oauth/token -H 'Accept: application/json' -d 'grant_type=authorization_code&scope=read%20write&client_secret=123456&client_id=clientapp&code=appcode&re...
user962206
2

votes
1

answer
1.1k

Views

Spring Security OAuth2 CORS issue for Authorization header

I use 4.2.0.RELEASE, 4.0.2.RELEASE, and 2.0.9.RELEASE. I use @CrossOrigin to deal with CORS. For now, I want to allow all the headers and all the methods. I can use any of the other headers than Authorization without any CORS issue. But with Authorization (header to send Bearer token), I get CORS iss...
Puneet Pandey
23

votes
2

answer
1.5k

Views

HttpSession null after replacing AuthorizationRequest

Complete code and instructions to quickly reproduce the problem are given below. THE PROBLEM: The HttpSession becomes null after a custom implementation of DefaultOAuth2RequestFactory replaces the current AuthorizationRequest with a saved AuthorizationRequest. This causes failure of the subsequent...
CodeMed
6

votes
0

answer
3.3k

Views

Multiple resource server oauth2 clients? Spring OAuth2 SSO

Good day, I have setup a working example implementing SSO & the API Gateway pattern (similar to what is described here https://spring.io/guides/tutorials/spring-security-and-angular-js/#_the_api_gateway_pattern_angular_js_and_spring_security_part_iv). The system consists of separate server component...
Roscoe Lotriet
2

votes
2

answer
2.4k

Views

Client, Auth Server and Logout

So, I have a standalone OAuth2 auth server and client app (web-based), all using Spring OAuth2. I have a login form hosted on the Auth server with redirection etc from the client app using Spring setup (via the login form). All good so far. I added a logout setup on the client: .and() .logout() .addLo...
martin samm
1

votes
1

answer
844

Views

disable confirmation page in Spring OAuth2

I am studying Spring OAuth2 by decomposing the set of three interconnected sample apps at this GitHub link. The apps work as intended on my devbox, but the authserver app produces an unwanted confirmation page that asks the user to confirm that they authorize the client at localhost:8080/login to r...
CodeMed
6

votes
1

answer
1.5k

Views

Spring OAuth2 Registered Redirect Uri

I am using Spring OAuth2 to enable login with SoundCloud. I've already registered my callback url. So when I am using Spring OAuth2 and set my redirect url explicitly it forced me to process it manually (by providing some controller for it). I put it in application.yml : pre-established-redirec...
Sergii Getman
3

votes
1

answer
4.6k

Views

Spring OAuth2 disable HTTP Basic Auth for TokenEndpoint

I am starting with Spring OAuth2. So far so good, I have secured my app with the configuration. But I have an issue, my client does not support HTTP Basic Authorization. Is there a way how to disable HTTP Basic Auth for the /oauth/token endpoint? I would like to send the client_id and client_secret...
Jakub Kopřiva
4

votes
1

answer
406

Views

Spring OAuth2: Validity Period of RefreshTokens is not renewed

I'm using the resource owner password grant with spring-security-oauth in backend. The Tokens are JWT. I would like to have short living access tokens (say 2 minutes) but long living refresh tokens (say one hour). As I understand, after the first login the access token should be valid for 2 minutes a...
3

votes
1

answer
527

Views

Changing Json return format of Spring OAuth2

While consolidating our json responses, I tried to change the spring oauth2 json response to our format. From { 'error': 'invalid_token', 'error_description': 'Invalid access token: undefined' } To { 'status' : 401, 'error_code': 'invalid_token', 'description': 'Invalid access token: undefined' } I...
Otto
6

votes
1

answer
1.2k

Views

use spring cloud gateway with oauth2

I face a problem when using spring cloud gateway: if any dependency calls spring-boot-starter-tomcat directly or recursively, it will not work because it will start the embedded tomcat server, not the netty server that spring cloud gateway uses. I started to solve this problem by excluding this...
ashraf revo
3

votes
1

answer
2.8k

Views

spring oauth2 authorization code flow, configuration for VK (Vkontakte)

I'm using social network Vkontakte as Oauth2 authorization server. So I have several steps: 1) get code with request with request_type=code 2) get accessToken when I send request to access token uri So I want to use Spring Oauth2, but I should get authorization code first, then access token, I've t...
Sergii Getman
