Spring Authorization Server is a framework that provides implementations of the OAuth 2.1 and OpenID Connect 1.0 specifications and other related specifications. It is built on top of Spring Security to provide a secure, light-weight, and customizable foundation for building OpenID Connect 1.0 Identity Providers and OAuth2 Authorization Server products.
Questions tagged [spring-authorization-server]
159 questions
6
votes
1 answer
How to get Refresh Token from Spring Authorization Server sample
The official sample Spring Authorization Server returns an access_token and id_token by default for Oauth 2.1 with PKCE
https://github.com/spring-projects/spring-authorization-server/tree/main/samples/default-authorizationserver
Is it possible that…
abbas
- 6,453
- 2
- 40
- 36
4
votes
2 answers
What are the possibilities with Spring Authorization Server when using it for authentication (and authorization)?
I'm looking to find a tool that will do the authentication (and authorization) part of the project. For the project, I will be using spring boot and java 8.
I will be working with OAuth2.0, the flow for untrusted client(web-applictation) and trusted…
JMag
- 110
- 2
- 9
3
votes
1 answer
Spring OAuth2 OIDC - Getting user info and AD Group Information for Authorization
I'm new to Spring boot and Spring Security. I have microservice project using Spring boot. And in my gateway app, I use OAuth2 for authentication. The authentication provider is from my organization and it is OIDC implementation.
I'm using oauth2…
user2094311
2
votes
2 answers
How to get oauth2 code param to redirect after login in the oauth2 auth code flow
My app has custom login endpoint and the spring-auth-server redirects user agent to /login
Redirect to login After the following call
curl --location…
Holm
- 2,987
- 3
- 27
- 48
2
votes
2 answers
OAuth2 - launching an SPA from an existing web-app without requiring the user to authenticate again
Background
We have an existing traditional webapp (Wicket/Java/Spring/Tomcat) that we are incrementally migrating to a Vue.js application/SPA. So when the user navigates to certain parts of the application we serve the SPA which the user interacts…
Oliver Henlich
- 283
- 4
- 13
2
votes
0 answers
spring-authorization-server 1.0.1 / JPA (MySQL)
I'm trying to develop a spring-authorization-server 1.0.1 with Spring Boot 3 and JPA.
Does anyone have experience with it?
When I try to authenticate I get the error message:
No AuthenticationProvider found for…
2
votes
0 answers
Spring authorization server, how do I set scope for each grant type
I want to make a custom grant_type 'mfa'. let's say a user want to gain access token they have to get access token with scope 'mfa_required' first.
RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
…
Patrick
- 734
- 11
- 26
1
vote
1 answer
Spring Boot Authorization server (SSO Implementation)
I am Having 3 Application for this I am building 1 authorization server for better communication and security.
and also i want to do SSO on this 3 application where my authorization server will act as a Identity provider.
my question is how can i…
Bhushan Rohankar
- 17
- 3
1
vote
0 answers
how to set audience for a client registration spring-authorization-server
hello I'm using spring authorization server version 0.3.1, and I'm trying to define the audience for the generated tokens. It seems that the default behavior is spring setting the client-id as the audience, i'm looking for a way to have a different…
Zeus
- 31
- 5
1
vote
1 answer
Is there a way to add custom attributes to OAuth2Authorizations in Spring's Authorization Server?
I'm using spring-security-oauth2-authorization-server-1.1.1 with the JdbcOAuth2AuthorizationService to persist OAuth2Authorization instances to a database. I would like to include additional details about the request in the database. In particular…
wmkoch
- 175
- 9
1
vote
1 answer
Spring Authorization Server expose rest endpoints
I have implemented an authorization server using spring-boot-starter-oauth2-authorization-server.
Everything seems to work perfectly. However, I need to expose some endpoints for creating users, getting user permissions etc., so I need to configure…
bsgrd
- 633
- 1
- 9
- 26
1
vote
1 answer
Must Generate same token unless it expired
As default in spring authorization server it generate unique token each request.
But the requirement is to generate same token if the previous token is still not expired, and if expired must generate new token.
Is this even possible?
…
Sard
- 73
- 6
1
vote
1 answer
Spring Security(Auth server) Spring Boot 3.1.0 - What's with all the final classes?
What's up with all these final classes?
Want to extend User? Have the Userbuilder return an instance of the CustomUser? No go. UserBuilder is final and returns a minimalistic UserDetails instance.
All that functionality goes to waste or becomes a…
Buks van der Lingen
- 31
- 5
1
vote
2 answers
Is spring-authorization-server a suitable tool for connecting to an existing OIDC server provided by an enterprise?
Is spring-authorization-server appropriate for connecting to an existing OIDC server provided by my enterprise? It looks like spring-authorization-server provides the ability to create and customize these auth flows, and we can also utilize github…
Steve Storck
- 793
- 6
- 25
1
vote
1 answer
Customize JWT token to add userId in Spring authorization server 1.0.0
I am new to spring security and spring authorization server. I wanted to customized the JWT access token to include additional parameter of userId within token generated.
I am using spring-authorization-server 1.0.0 and OAuth2TokenEndpointFilter is…
deepti
- 13
- 3