I am working on a project in which I need not only to authenticate but also to have the real value of the token.

We have a Spring Boot application with OAuth 2.0 Spring Security, and the problem is that I am not able to find a method that gives me a valid token every time I call it.

At this moment, I have a post method raw coded in Java, but there must be a Spring Security implementation that does something like the following:

  1. The first time that it is called, it asks for the token and stores it.
  2. On the following calls, it checks whether the token has expired and, only if it has expired, asks for a new one.

Where could I find it?

EDIT

There are 2 different Spring Instances in my project: The Authorization server - which is a Cloud Foundry UAA server - and the resource server - which is the one that asks for the token and is coded by me.

The Authorization server uses AuthorizationServerTokenServices in its JWT version, and when the Resource server gets a token from there, I want it to be kept, not only decoded and used, because I need to send it to another server.

Moreover, my application is not a web app, so there is no login page to log in on Facebook and I have to get the token using the Client Credentials Grant Type.

In my case, Single Sign-On is not possible because I have to use it not decoded.

This is my current implementation:

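    import java.io.IOException;
    import org.apache.http.HttpResponse;
    import org.apache.http.client.ClientProtocolException;
    import org.apache.http.client.HttpClient;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.util.EntityUtils;
    import com.fasterxml.jackson.databind.ObjectMapper;

    public String obtainAccessToken() throws ClientProtocolException, IOException {
        HttpClient httpclient = HttpClients.createDefault();

        // Placeholder: must hold the Base64 encoding of "client_id:client_secret"
        String userPass64 = "User and password";

        // The URI needs an explicit scheme, otherwise HttpClient cannot resolve the host
        HttpPost httppost = new HttpPost("http://localhost:8080/uaa/oauth/token?grant_type=client_credentials");
        httppost.setHeader("Content-Type", "application/x-www-form-urlencoded");
        httppost.setHeader("Authorization", "Basic " + userPass64);

        // Execute and get the response.
        HttpResponse response = httpclient.execute(httppost);
        String responseBody = EntityUtils.toString(response.getEntity());

        // Map the JSON token response and return the raw (undecoded) access token
        ObjectMapper mapper = new ObjectMapper();
        TokenMessage tokenMessage = mapper.readValue(responseBody, TokenMessage.class);

        return tokenMessage.getAccess_token();
    }
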
BigEndian32

1 Answer

From what I have seen, there are a few different ways that Spring Security can handle this.

The default way is to have the AuthorizationServerTokenServices interface handle it. And with it you can have different ways of storing the token, for example JdbcTokenStore, InMemoryTokenStore and JwtTokenStore. More about this here: http://projects.spring.io/spring-security-oauth/docs/oauth2.html#managing-tokens

But since I do not know what kind of application you are creating, you could maybe develop a single sign-on functionality and let Facebook, for example, handle the authentication token. A quite good tutorial about that with Spring Boot can be found here: https://spring.io/guides/tutorials/spring-boot-oauth2/

bjozzi
  • Thank you very much for your quick response. I didn't explain it correctly. I have an architecture in which I have the Authorization server (a Cloud Foundry UAA) separate from the Resource Server. The AuthorizationServerTokenServices is related to the Authorization server, but I want to store it in the Resource server, too. The problem with my application is that it is not a web app, so there is no login page to log in to Facebook and I have to get the token using the Client Credentials Grant Type. Therefore, Single Sign-On is not possible, I think. – BigEndian32 Oct 17 '17 at 12:15
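
The two-step behaviour the question asks for (fetch and store on the first call, request a new token only once the stored one has expired) can be sketched as follows; this is an added example, not code from the question, the answer or the Spring project. `CachedTokenProvider`, `Token`, the 30-second skew and the in-memory token source in `main` are assumptions made for illustration (Java 16+ for the record syntax), with the `Supplier` standing in for the POST to the token endpoint.

```java
import java.time.*;
import java.util.function.Supplier;

/** Caches a client-credentials access token and refetches only once it is (nearly) expired. */
public class CachedTokenProvider {
    /** Raw token value plus absolute expiry, built from the access_token / expires_in fields. */
    public record Token(String value, Instant expiresAt) {}

    private static final Duration SKEW = Duration.ofSeconds(30); // assumed margin: refetch slightly early
    private final Supplier<Token> fetcher; // hypothetical: wraps the POST to the token endpoint
    private final Clock clock;
    private Token cached; // kept in memory only; never written to logs or disk

    public CachedTokenProvider(Supplier<Token> fetcher, Clock clock) {
        this.fetcher = fetcher;
        this.clock = clock;
    }

    /** Step 1: fetch and store on first use. Step 2: reuse until expiry, then fetch again. */
    public synchronized String getToken() {
        Instant now = clock.instant();
        if (cached == null || !now.isBefore(cached.expiresAt().minus(SKEW))) {
            cached = fetcher.get();
        }
        return cached.value(); // raw (undecoded) token, ready to forward as a Bearer token
    }

    public static void main(String[] args) {
        // Constructed stand-in for the authorization server: counts calls, tokens live 300 s.
        int[] calls = {0};
        Instant[] now = {Instant.parse("2017-10-17T12:00:00Z")};
        Clock fakeClock = new Clock() {
            public ZoneId getZone() { return ZoneOffset.UTC; }
            public Clock withZone(ZoneId zone) { return this; }
            public Instant instant() { return now[0]; }
        };
        CachedTokenProvider provider = new CachedTokenProvider(
            () -> new Token("token-" + (++calls[0]), now[0].plusSeconds(300)), fakeClock);

        System.out.println(provider.getToken()); // first call fetches
        now[0] = now[0].plusSeconds(200);
        System.out.println(provider.getToken()); // still valid, cached value reused
        now[0] = now[0].plusSeconds(100);
        System.out.println(provider.getToken()); // expired, fetched again
        System.out.println("fetches: " + calls[0]);
    }
}
```

In the Spring Security OAuth project linked in the answer, `OAuth2RestTemplate.getAccessToken()` configured with `ClientCredentialsResourceDetails` performs the same null-or-expired check before requesting a new token, and `getValue()` on the result returns the raw token string.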