spring-oauth2 | 易学教程

Spring OAuth2.0 - Dynamically register OAuth2.0 client

阅读更多关于 Spring OAuth2.0 - Dynamically register OAuth2.0 client

问题 I am working on setting up an OAuth2.0 authorization server using Spring security. I want to know if there is a way to dynamically register an OAuth2.0 client after the OAuth2.0 authorization server is up and running? Basically, I know that I can register a client while configuring the OAuth2.0 server by extending the AuthorizationServerConfigurerAdapter and overriding the configure method to add the client details in memory. However, this way the client is pre-registered and I would like to

Spring Boot 2 and OAuth2/JWT configuration

阅读更多关于 Spring Boot 2 and OAuth2/JWT configuration

I'm trying to port my Spring boot 1.5 application to Spring Boot 2 Right now I'm unable to obtain OAuth2 access token. This is the code I have successfully used with Spring Boot 1.5: public static String loginAndGetAccessToken(String username, String password, int port) { ResourceOwnerPasswordResourceDetails resourceDetails = new ResourceOwnerPasswordResourceDetails(); resourceDetails.setUsername(username); resourceDetails.setPassword(password); resourceDetails.setAccessTokenUri(String.format("http://localhost:%d/api/oauth/token", port)); resourceDetails.setClientId("clientapp");

Spring OAuth2 disable HTTP Basic Auth for TokenEndpoint

阅读更多关于 Spring OAuth2 disable HTTP Basic Auth for TokenEndpoint

问题 I am starting with Spring OAuth2. So far so good, I have secured my app with the configuration. But I have an issue, my client does not support HTTP Basic Authorization. Is there a way how to disable HTTP Basic Auth for the /oauth/token endpoint? I would like to send the client_id and client_secret in the JSON body or in the request headers. curl examples I would like to work: curl -X POST -H "Content-Type: application/json" -d '{ "username": "user", "password": "pass", "grant_type":

Spring Boot 2 and OAuth2/JWT configuration

阅读更多关于 Spring Boot 2 and OAuth2/JWT configuration

问题 I'm trying to port my Spring boot 1.5 application to Spring Boot 2 Right now I'm unable to obtain OAuth2 access token. This is the code I have successfully used with Spring Boot 1.5: public static String loginAndGetAccessToken(String username, String password, int port) { ResourceOwnerPasswordResourceDetails resourceDetails = new ResourceOwnerPasswordResourceDetails(); resourceDetails.setUsername(username); resourceDetails.setPassword(password); resourceDetails.setAccessTokenUri(String.format

How to call JHipster (Spring) OAuth2 Rest server using Postman Authentication helpers

阅读更多关于 How to call JHipster (Spring) OAuth2 Rest server using Postman Authentication helpers

问题 Postman has Authentication helpers to help with authenticated calls and I'm trying to use the OAuth 2.0 helper to call a REST server created by JHipster using Spring (Security, Social, etc). I've tried a lot of configurations, this is the screen (client ID and Secret were masked): For the Authorization URL I've tried: http://127.0.0.1:8080/oauth/authorize http://127.0.0.1:8080/#/login (the app's login route) The closer I get from receiving a token back to Postman is: I don't know why it's

Relation between WebSecurityConfigurerAdapter and ResourceServerConfigurerAdapter

阅读更多关于 Relation between WebSecurityConfigurerAdapter and ResourceServerConfigurerAdapter

I'm trying to integrate Spring OAuth2 into Spring MVC REST. Most of the Spring OAuth2 examples, there is only ResourceServerConfigurerAdapter and some of have WebSecurityConfigurerAdapter as well. I'm not going to integrate OAuth with Google, Facebook, etc. I'm trying to provide a token based authentication for Spring MVC REST which is currently based on Basic Authentication. Can someone exaplin me what is required and not or good resource to understand the Spring MVC REST +OAuth integration in a single server? Currently my POC works without WebSecurityConfigurerAdapter , but with

Spring security OAuth2 accept JSON

阅读更多关于 Spring security OAuth2 accept JSON

I am starting with Spring OAuth2. I would like to send the username and password to /oauth/token endpoint in POST body in application/json format. curl -X POST -H "Authorization: Basic YWNtZTphY21lc2VjcmV0" -H "Content-Type: application/json" -d '{ "username": "user", "password": "password", "grant_type": "password" }' "http://localhost:9999/api/oauth/token" Is that possible? Could you please give me an advice? Solution (not sure if correct, but it seam that it is working): Resource Server Configuration: @Configuration public class ServerEndpointsConfiguration extends

Relation between WebSecurityConfigurerAdapter and ResourceServerConfigurerAdapter

阅读更多关于 Relation between WebSecurityConfigurerAdapter and ResourceServerConfigurerAdapter

问题 I'm trying to integrate Spring OAuth2 into Spring MVC REST. Most of the Spring OAuth2 examples, there is only ResourceServerConfigurerAdapter and some of have WebSecurityConfigurerAdapter as well. I'm not going to integrate OAuth with Google, Facebook, etc. I'm trying to provide a token based authentication for Spring MVC REST which is currently based on Basic Authentication. Can someone exaplin me what is required and not or good resource to understand the Spring MVC REST +OAuth integration

Can i append some information in oauth/check_token endpoint and retrieve it at authorization server?

阅读更多关于 Can i append some information in oauth/check_token endpoint and retrieve it at authorization server?

问题 Preface I am working on an OAuth application for security between two servers. I have an OAuth Server and a Resource Server . The Resource Server has a single .war deployed that contains 4 APIs . Single Responsibility The OAuth server has to validate a the access token that was passed by an API (1 of the 4) from that same .war . The OAuth server has to keep a hit count for a particular accessToken for a particular API . If the hit count exceeds the configured hits the OAuth server would throw

How to get custom user info from OAuth2 authorization server /user endpoint

阅读更多关于 How to get custom user info from OAuth2 authorization server /user endpoint

I have a resource server configured with @EnableResourceServer annotation and it refers to authorization server via user-info-uri parameter as follows: security: oauth2: resource: user-info-uri: http://localhost:9001/user Authorization server /user endpoint returns an extension of org.springframework.security.core.userdetails.User which has e.g. an email: { "password":null, "username":"myuser", ... "email":"me@company.com" } Whenever some resource server endpoint is accessed Spring verifies the access token behind the scenes by calling the authorization server's /user endpoint and it actually