I was wondering (before I try implemnting somethign along this path) about an approach. Lets say I have a complete working OAuth2 system (using spring boot and spring cloud but not spring cloud security). This, so far has worked quite well and supports several different grant types. What I am interested in is the possibility of hand creating the JWT in certain special cases and then utilizing this token with spring security. I looked at jose4j and it seems like i should be able to use this in place of the authorization server portion of the system. Note that the goal of this was where i had to create a token that would have normally be generated by the authorization server.
Asked
Active
Viewed 525 times
1 Answers
1
You might want to look at TokenEnhancer or in particular JwtAccessTokenConverter. The latter one also provides encode/decode methods you can overwrite to use custom libraries for encoding/decoding of tokens or to add custom properties.
Note: Make sure to check the signature of the tokens!
Riiverside
- 788
- 7
- 12