spring-oauth2

Incremental authorization for Google OAuth2 Sign in with Spring Security

断了今生、忘了曾经 提交于 2021-02-19 08:47:05
问题 I was wondering if there is a way for authorizing incrementally with Spring Security (as mentioned here) By default spring security provides basic profile access when using Google sign OAuth verification. That flow is correct. I would however want to request for additional scopes (Gmail Read, Calendar read etc) on certain URL endpoints. I have already tried using the @PreAuthorize property on the endpoint along with enabling @EnableGlobalMethodSecurity(prePostEnabled = true) as in the code.

How can I get a custom Principal object with Spring using OAuth2?

我只是一个虾纸丫 提交于 2021-02-18 12:09:47
问题 I have a Spring Boot application utilizing spring-security-jwt and spring-security-oauth2. I've got a custom User object extending UserDetails and a Custom UserDetailsService returning this object from the loadUserByUsername method. But when I utilize the getPrincipal method of the Authentication object and try to Cast to my custom user object, it fails as the principal is returning a string vs my custom user object. My actual goal is to eliminate the trip to the persistence layer on every

OAuth2 | ClientCredentialsResourceDetails | deprecated

牧云@^-^@ 提交于 2021-02-11 15:40:33
问题 I am new to spring security, and i come across to implement OAuth2 with client_credentials as Grant type. i am using below piece of code, but i am getting suggestion that ClientCredentialsResourceDetails, OAuth2RestTemplate & OAuth2AccessToken are deprecated. Can someone help with the alternate to this ? private String getAuthTocken(){ final ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails(); resourceDetails.setClientId("ceapiClientId"); resourceDetails

Provider ID must be specified for oauth2 client?

早过忘川 提交于 2021-01-29 16:05:41
问题 I am trying setting up a oauth2 client with spring-boot. I have this dependencies on my pom.xml : <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-oauth2-client</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-oauth2-jose</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency>

OAuth2 client fails when redirecting from the authorization step

为君一笑 提交于 2021-01-29 09:28:46
问题 In my current spring-boot, I am trying sign in the user using an external OAuth2 server. The problem right now is that when I execute the application, after the authorization being successful, the user should be redirected back to the application. When this happens, I got an error. My application.properties file: spring.security.oauth2.client.registration.mercadolivre.provider=mercadolivre spring.security.oauth2.client.registration.mercadolivre.client-id=... spring.security.oauth2.client

Spring OAuth2: How do I allow password grant type using java configuration?

柔情痞子 提交于 2020-12-13 11:35:35
问题 In my java server application, I get the following error when trying to authenticate using the password grant flow: TokenEndpoint - Handling error: InvalidClientException, Unauthorized grant type: password I did allow the grant explicitly for the user in question: @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory() .withClient("officialclient") .authorizedGrantTypes("authorization_code, refresh_token, password") .authorities("ROLE

How to use custom UserDetailService in Spring OAuth2 Resource Server?

别来无恙 提交于 2020-12-13 03:48:30
问题 I'm using Spring Boot (2.3.4.RELEASE) to implement a webservice acting as a OAuth2 resource server. So far I'm able to secure all endpoints and ensure that a valid token is present. In the next step I want to use Spring Method Security. The third step would be to populate custom user details (via UserDetailsService ). How to configure Spring Method Security properly? I'm not able to enable Spring Method Security (correctly). I have entities saved in database and also set the permissions via

How to use custom UserDetailService in Spring OAuth2 Resource Server?

自闭症网瘾萝莉.ら 提交于 2020-12-13 03:46:53
问题 I'm using Spring Boot (2.3.4.RELEASE) to implement a webservice acting as a OAuth2 resource server. So far I'm able to secure all endpoints and ensure that a valid token is present. In the next step I want to use Spring Method Security. The third step would be to populate custom user details (via UserDetailsService ). How to configure Spring Method Security properly? I'm not able to enable Spring Method Security (correctly). I have entities saved in database and also set the permissions via