I have a basic OAuth2 App set up:
@Configuration
@EnableOAuth2Sso
@Order(0)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/actuator/health", "/", "/noauth", "/login").permitAll()
.anyRequest().authenticated().and()
.oauth2Login().defaultSuccessUrl("/auth");
}
}
It works well for a single instance and I can request OAuth2AuthorizedClient details:
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;
OAuth2AuthorizedClient client = clientService.loadAuthorizedClient(
oauthToken.getAuthorizedClientRegistrationId(), oauthToken.getName());
// Gets an OAuth2 token
client.getAccessToken().getTokenValue()
However, if I run this in a microservices environment (>1 instance) then client will always be null. Authentication also doesn't work correctly in this case.
I am using the org.springframework.security:spring-security-oauth2-jose library and authenticating with Google.
Any hints on how to persist the bearer token between sessions (or refresh it if it's not there)?
