Spring Security 5.2 Password Flow

后端 未结 1 2060
囚心锁ツ
囚心锁ツ 2021-01-14 00:31

I am trying to authenticate the user using the password flow in the latest version of Spring Security - 5.2.

The docs seem to suggest how to do that.



        
1条回答
  •  伪装坚强ぢ
    2021-01-14 00:55

    After reading into the documentation a bit more I do not think that Oauth 2 password flow in Spring Security 5.2 is supported the same way authorisation flow is. Spring Security 5.2 has password flow support for the http client which can cache the authorization request and refresh the token before it expires - but there is no end user password flow support in which the client proxies the credentials to the authorization server.

    Of course, it is entirely possible to authenticate the end user by harvesting the credentials, implementing a custom AuthenticationProvider that swaps the credentials for a token with the authorization server and returns an OAuth2AuthenticationToken that is persisted to the context.

    0 讨论(0)
提交回复
热议问题