Stack Overflow
Stack Overflow

Questions tagged [spring-oauth2]

Official tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/

708 questions
4
votes
1 answer

How to update expiry time of refresh-token without generating new refresh token in spring security?

So far i have configured password grant type in my application and it is working fine. When i hit /oauth/token and pass CI & CS & username & password, along with password grant type, i get access_token, refresh_token, expiry time, and some other…
truekiller
  • 470
  • 6
  • 19
4
votes
0 answers

Spring OAuth dynamically choose authentication provider based on the client

I already could add multiple authentication providers as mentioned in Adding multiple authenticaion providers. Now Spring will check in both LDAP and database for users. However my use case is little different. I want to bind a authentication…
Udara S.S Liyanage
  • 6,189
  • 9
  • 33
  • 34
4
votes
0 answers

How to use a custom client table for Spring OAuth2?

The Spring OAuth2 uses the next database schema by this tutorial: drop table if exists oauth_client_details; create table oauth_client_details ( client_id VARCHAR(255) PRIMARY KEY, resource_ids VARCHAR(255), client_secret VARCHAR(255), …
Denis Sologub
  • 7,277
  • 11
  • 56
  • 123
4
votes
0 answers

o.s.s.o.provider.endpoint.TokenEndpoint : "Handling error: IllegalStateException, This object has not been built"

I am trying to implement Spring Boot Oauth2 using JDBC token store. When I use the following url: http://localhost:8080/oauth/token I am getting following output: { "error": "server_error", "error_description": "This object has not been…
siddharthnaik7
  • 61
  • 6
4
votes
0 answers

Spring security oAuth2 Mock test

I have a rest controller that requires the user to be authenticated. But when the test is run the response is always 401. I am using the "WithSecurityContext" annotation, but it does not work. Annotation @Retention(RetentionPolicy.RUNTIME) @Target({…
Jonattan Velásquez
  • 43
  • 2
  • 8
4
votes
0 answers

How to get OAuth2AccessToken in Spring controller?

I have a resource server application for which I want to define a controller that needs to get hold of additional information from OAuth2AccessToken. The additional information in the token are added using the authorization server's TokenEnhancer.…
Psycho Punch
  • 6,418
  • 9
  • 53
  • 86
4
votes
2 answers

spring-cloud: Disable CSRF

Tried disabling CSRF in the edge/zuul with http.csrf().disable(). But still csrfFilter is available in filter chain @ position 4. I even have set property spring.enableCsrf: false. Still the csrfFilter kicks in and my ajax requests get 403…
Ahamed Mustafa M
  • 3,069
  • 1
  • 24
  • 34
4
votes
1 answer

Spring Boot OAuth2 + JWT and UserDetailsService

In my Spring Boot application I'm trying to configure Spring OAuth2 + JWT This is my OAuth2ServerConfig config: @Configuration public class OAuth2ServerConfig { private static final String RESOURCE_ID = "restservice"; @Bean @Primary …
alexanoid
  • 24,051
  • 54
  • 210
  • 410
4
votes
1 answer

Issues creating OAuth secured Microservices using Spring boot, Eureka, Zuul, Spring Oauth

I'm trying to get a Zuul reverse proxy setup with Spring Boot, Eureka, Zuul and Spring OAuth. Specifically, I'm trying to obtain an OAuth bearer token from our OAuth server that is behind Zuul. To do this, i need to make a POST request to the proxy…
loesak
  • 1,413
  • 2
  • 19
  • 33
4
votes
1 answer

Spring OAuth2 disable HTTP Basic Auth for TokenEndpoint

I am starting with Spring OAuth2. So far so good, I have secured my app with the configuration. But I have an issue, my client does not support HTTP Basic Authorization. Is there a way how to disable HTTP Basic Auth for the /oauth/token endpoint? I…
Jakub Kopřiva
  • 491
  • 2
  • 4
  • 13
4
votes
1 answer

Spring OAuth2.0 - Dynamically register OAuth2.0 client

I am working on setting up an OAuth2.0 authorization server using Spring security. I want to know if there is a way to dynamically register an OAuth2.0 client after the OAuth2.0 authorization server is up and running? Basically, I know that I can…
sunsin1985
  • 2,437
  • 5
  • 22
  • 27
4
votes
1 answer

Spring OAuth - No qualifying bean of type PlatformTransactionManager

I was successfully able to integrate OAuth2 to my previous application (a REST service) by replacing BASIC auth. Then I got the following exception: No qualifying bean of type [org.springframework.transaction.PlatformTransactionManager] is defined:…
sura2k
  • 7,365
  • 13
  • 61
  • 80
4
votes
0 answers

External authentication for Spring OAuth2

Is it possible to use Spring OAuth2 as a pure authorization solution while providing external authentication for it? Or is Spring OAuth2 even supposed to be used in such a manner? If yes then what are the injection points for that kind of…
S. Pauk
  • 5,208
  • 4
  • 31
  • 41
4
votes
0 answers

Spring boot OAuth2 role based access control in resourcse server with roles from Auth Server

I have created an authorization server with spring boot and I want to use roles of resource owners from it in resource server. I have a class SecurityConfig extending WebSecurityConfigurerAdapter, where I have checked credentials of resource owners…
Rishav Basu
  • 391
  • 4
  • 12
3
votes
1 answer

Replace WebSecurityConfigurerAdapter in Spring boot for ResourceServerConfigurerAdapter

Since Spring Boot 2.7.x version WebSecurityConfigurerAdapter class is deprecated and there is a guide from spring.io on how to replace those classes and use component-based security configuration. My question is how to handle the following…
Bojan Trajkovski
  • 1,056
  • 1
  • 15
  • 31
1 2 3
47 48