15

I just want to know if there is any way to skip the user approval screen in Spring Boot - Spring Security OAuth2. I heard about a custom user approval handler, but I am not quite sure how to override it to disable the user approval process and do a direct redirect.

Thanks

Vijay Muvva
  • Is there a reason why? I have this form returned to my /authorize request, I think to disable it but I wonder if it's the safe and good solution! – Dimitri Kopriwa Sep 30 '16 at 10:09

4 Answers

22

You don't need a custom handler to skip approval (since 2.0 anyway). You just set the autoApprove flag in the client details to "true" (or a list of scope patterns to auto approve).

Dave Syer
  • 4
    Just to make sure this is extra clear, notice @Dave Syer has put true in quotations. If you're storing your client details in a database, this value needs to be a string in the database, not the boolean value for true. – petesavitsky Feb 15 '17 at 19:41
  • That’s precisely when it works. Not sure what you could mean. – Dave Syer Jan 23 '18 at 17:34
  • What he means is, if you are storing client details in the DB, you need to save the autoapprove column value as 'true' (string) and not as 1 (MySQL default value for a true boolean, for example) – Osmar Mar 06 '20 at 16:52
2

This is how I changed it in my JHipster application:

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
                .inMemory()
                .withClient(jhipsterProperties.getSecurity().getAuthentication().getOauth().getClientid())
                .autoApprove(true)
                .scopes("read", "write")
                .authorities(AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)
                .authorizedGrantTypes("password", "refresh_token")
                .secret(jhipsterProperties.getSecurity().getAuthentication().getOauth().getSecret())
                .accessTokenValiditySeconds(jhipsterProperties.getSecurity().getAuthentication().getOauth().getTokenValidityInSeconds());
        }
argoth
Pedro Madrid
0

Set the property auto-approve-scopes: '.*' in application.yml:

    security:
      oauth2:
        client:
          client-id: acme
          client-secret: acmesecret
          scope: read,write
          auto-approve-scopes: '.*'

See also https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_authserver
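An added example, not taken from any of the answers or from Spring's source: a small stand-alone model of the auto-approve rule described above (the stored value is a comma-separated list, the string "true" approves every scope, any other entry is a pattern matched against the requested scope). It shows why a database value of 1 does not skip the approval screen and why '.*' also covers scopes added to the client later. The class name, the sample values and the `admin` scope are assumptions made up for the illustration.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Simplified model of the matching rule described in the answers; this is
// illustration code, not Spring Security OAuth's implementation.
public class AutoApproveAudit {

    // storedValue: content of the autoapprove column / auto-approve-scopes property.
    // scope: one scope requested by the client.
    static boolean isAutoApproved(String storedValue, String scope) {
        if (storedValue == null || storedValue.trim().isEmpty()) {
            return false; // nothing configured: the approval screen is shown
        }
        for (String entry : storedValue.split(",")) {
            String pattern = entry.trim();
            // "true" is a literal wildcard; everything else is a regex that
            // must match the whole scope name.
            if (pattern.equals("true") || scope.matches(pattern)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample configuration values.
        List<String> stored = Arrays.asList("true", "1", ".*", "read", "read,write", "");
        // Constructed scopes; "admin" stands for a scope granted to the client later.
        List<String> requested = Arrays.asList("read", "write", "admin");

        for (String value : stored) {
            Map<String, Boolean> result = new LinkedHashMap<>();
            for (String scope : requested) {
                result.put(scope, isAutoApproved(value, scope));
            }
            System.out.printf("%-14s -> %s%n", "'" + value + "'", result);
        }
    }
}
```

Values that report true for a scope the user should still be asked about (here `admin`) are the ones to replace with an explicit scope list.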

0

For the newer spring-security-oauth2-authorization-server, the configuration would be as follows:

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        final RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
            // other settings...
            // requireAuthorizationConsent(false) skips the consent screen for this client
            .clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
            .build();
        return new InMemoryRegisteredClientRepository(registeredClient);
    }
Unmitigated