spring-oauth2

Spring boot 2 OAuth2 “The HTTP Content-Type header must be application/json”

馋奶兔 submitted on 2019-12-25 11:12:02
Question: I am creating a spring boot 2 OAuth2 client/server application. The authorization server successfully logs in and redirects to the client, but when the client receives the redirect (http://localhost:8080/login/oauth2/code/xe?code=ACK4Ae&state=Jw-dCGYvJa6QV-fcoTGjgY-6FyUyJHa-HBjWdsp3HM4%3D) the client browser displays: Your login attempt was not successful, try again. Reason: [invalid_token_response] An error occurred parsing the Access Token response: The HTTP Content-Type header must be

spring + oauth2 /api/oauth/token is `Unauthorized` after Tomcat/server is restarted

风格不统一 submitted on 2019-12-25 02:26:44
Question: I am using spring-security-5, spring-boot 2.0.5 and oauth2. I have checked and tested by online reference. Like: Spring Security and OAuth2 to protect REST API endpoints Spring Boot 2 Applications and OAuth 2 Everything is fine in my project. When I request this URL, http://localhost:8080/api/oauth/token, I get response as And I restart the server (Tomcat), I request that URL again, I get response as So my question is, how the client-app can get access_token again after Tomcat or spring

Discrepancy in the user roles (authorities) in the access token obtained from grant_type=password and grant_type=refresh_token

不羁的心 submitted on 2019-12-25 02:15:54
Question: I have a situation: Step 1: Obtained access token (grant_type=password) (A1) and also a refresh token (RT1). Step 2: Accessed resource (R) using the token (A1) - Success. Step 3: Revoked user access role for Resource R. Step 4: Obtained access token (grant_type=password) (A2) and also a refresh token (RT2). Step 5: Accessed resource (R) using the token (A2) - Failed. Till here all fine. Now comes the unexpected part. Step 6: Obtained new access token (grant_type=refresh_token) using RT2.

Extra claim doesn't add to JWT payload by custom TokenEnhancer

梦想与她 submitted on 2019-12-24 18:43:43
Question: I've created some TokenEnhancer to add extra claim to JWT:

    @Component
    public class TestTokenEnhancer implements TokenEnhancer {
        @Override
        public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
            final Map<String, Object> additionalJwtProperties = ImmutableMap
                    .<String, Object>builder()
                    .put("testProperty", "testValue")
                    .build();
            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalJwtProperties);
            return accessToken;
        }
    }

Then

Return RESTful/json response instead of login form in Spring boot OAUTH2

淺唱寂寞╮ submitted on 2019-12-24 11:23:25
Question: I'm struggling to return a json response when the user is not logged in, instead of returning a html login form. The application is only using @RestController's and I do not want any web support.

    http
        .authorizeRequests()
        .anyRequest().authenticated()
        .and()
        .formLogin()
        .and()
        .httpBasic().disable();

When I do a get request using the browser or postman, I receive back the default spring HTML login form.

    security.basic.enabled=true

I'm using OAuth2, and when I request a token it works great

Refresh token call fails using spring security and oauth2 with error: UserDetailsService is required

被刻印的时光 ゝ submitted on 2019-12-23 10:15:15
Question: I am using Spring Security OAuth2 for authorizations. When trying to refresh the token I get an error: UserDetailsService is required (interestingly I get this error only on unix machines and not on windows). I am using Spring OAuth2 version 2.0.7. For some reason the AuthenticationManager in the DefaultTokenService is not empty and it tries to authenticate the user to check if he still exists. I think it gets initialized because of some spring security vs. spring oauth2 configuration

Using WebSecurityConfigurerAdapter with Spring OAuth2 and user-info-uri

大憨熊 submitted on 2019-12-21 23:01:09
Question: I have created an Authorization service as follows

    @SpringBootApplication
    @EnableAuthorizationServer
    public class AuthorizationApplication { ... }

With this application.properties.

    server.port=9000
    security.oauth2.client.client-id=monederobingo
    security.oauth2.client.client-secret=monederobingosecret
    security.oauth2.client.authorized-grant-types=authorization_code,refresh_token,password,client_credentials
    security.oauth2.client.scope=company,client

Then, in a separate spring boot project I

How do I map OAuth 2 token to UserDetails object in a resource server?

喜夏-厌秋 submitted on 2019-12-20 09:41:36
Question: I have 2 separate Spring Boot applications, one serving as an OAuth 2 authorization server, and the other as resource server. I'm using Spring's RemoteTokenServices in my resource server to check tokens from the authorization server. Now, I'm trying to define protected controller code in my resource server application, but I'm not sure how to map the UserDetails class to the authentication principal provided through the OAuth 2 mechanism. I have set up my authorization server with a custom

spring security client_credentials grant_type - support for refresh token

怎甘沉沦 submitted on 2019-12-13 12:45:00
Question: Does client_credentials grant type support a refresh token scenario? How should access_token expiry be handled when using client_credentials grant type? I have an authorization service and secured services behind a proxy service (Zuul with EnableOAuth2Sso) which acts as a gateway for all requests coming from client application. Here is the flow I have: A proxy service (zuul) that accepts requests (rest api) from client application Proxy service invokes Authorization Service api by posting

Multiple resource server oauth2 clients? Spring OAuth2 SSO

狂风中的少年 submitted on 2019-12-13 12:07:34
Question: Good day, I have setup a working example implementing SSO & the API Gateway pattern (similar to what is described here https://spring.io/guides/tutorials/spring-security-and-angular-js/#_the_api_gateway_pattern_angular_js_and_spring_security_part_iv). The system consists of separate server components: AUTH-SERVER, API-GATEWAY, SERVICE-DISCOVERY, RESOURCE/UI SERVER. At the API-GATEWAY (implemented with Spring Boot @EnableZuulProxy @EnableOAuth2Sso) I have configured multiple OAuth providers,