Questions tagged [spring-oauth2]

Official tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/

708 questions
3 votes, 1 answer

Does Spring Security Oauth2 Client handle refresh token automatically from Spring Authorization Server?

I'm trying to create an application using NextJS + Java with Spring as my backend and I have been trying the new Spring Authorization Server alongside a BFF app with Spring Gateway and Spring Security Oauth2 Client. I have recently been studying…
3 votes, 0 answers

Google Auth token invalid_token error in Spring boot sample app

First time Spring security user here. Trying to authenticate a user through OAuth2 "Implicit grant" flow in a Spring boot app using Google. Here is the WebSecurityConfig code: @EnableWebSecurity public class WebSecurityConfigForTokenAuth extends…
BlaMath20
3 votes, 1 answer

Spring boot Oauth security - User(custom info) info in the principal in Client Credentials grant type

I'm using "client-credentials" grant type for the rest calls that I make from front-end service to other back-end services. Client-credentials grant type is being used among other back-end services as well. By doing so, I am not able to get who is…
3 votes, 1 answer

Authentication for SPA in Microservice architecture

I am looking for an optimal way to create registration, authentication, and authorization for our project based on spring boot microservices. Microservices will provide rest API for SPA application, and later for mobile applications (android and…
3 votes, 0 answers

Storing JWT token in Non HttpOnly Cookie for multi-tab support in combination with Fingerprinting

I took a read on securing JWT based services on https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html. In this guide it's told how to handle the JWT token on the client side: Automatically sent by the browser (Cookie…
3 votes, 2 answers

Error trying to authenticate a web application with Oauth2 and Strava using Spring Boot

I’m trying to use Strava to authenticate customers that want to use my web application using Spring Boot, and I’m stuck in this error: .s.o.c.w.OAuth2LoginAuthenticationFilter : Authentication…
3 votes, 1 answer

OAuth2 | ClientCredentialsResourceDetails | deprecated

I am new to Spring Security, and I come across to implement OAuth2 with client_credentials as grant type. I am using the below piece of code, but I am getting a suggestion that ClientCredentialsResourceDetails, OAuth2RestTemplate & OAuth2AccessToken are…
3 votes, 0 answers

How to make API Gateway Stateless for Authentication/Authorization Process Using Oauth2?

In my design I have an API gateway (spring cloud api gateway), authorization server (Oauth2) and a resource server (microservice). (I have also a CAS server but now it can be ignored for simplicity) I just want to use API gateway to redirect client…
H.Ç.T
3 votes, 1 answer

Spring Security 5.2 -- how to customize NimbusJWTDecoder used by OAuth2ResourceServer?

I have an OpenID provider (openam) running locally. I am using a self-signed certificate and the jwks URL is @ https://localhost:8443/openam/oauth2/connect/ Due to the SSL certificate being self-signed, I am getting an SSLHandshake exception, when…
3 votes, 1 answer

Spring Boot 2 OIDC (OAuth2) client / resource server not propagating the access token in the WebClient

Sample project available on GitHub. I have successfully configured two Spring Boot 2 applications as client/resource servers against Keycloak and SSO between them is fine. Besides, I am testing authenticated REST calls to one another, propagating…
codependent
3 votes, 0 answers

How to create simple login in Spring Cloud Data Flow?

Based on the SCDF document, as of Spring Cloud Data Flow 2.0, OAuth2 is the only mechanism for providing authentication and authorization. However, I want to create the simple login page without using Authentication provider. Could I apply Spring…
3 votes, 1 answer

Configure communication between multiple OAuth2 authorization servers and a single resource server

I'm currently setting up a single resource server that will be validating access tokens from various authorization servers. Spring security (using the Okta security starter with this as well) seems to only allow me to set a single issuer URI. I…
3 votes, 2 answers

Why do we need exactly the same configuration in resource and Authorization server

I'm talking about the case when these two are separate apps. I'm not interested in merging them in one app. So, in an authorization server we extend AuthorizationServerConfigurerAdapter class and in resource server ResourceServerConfigurerAdapter and…
A5300
3 votes, 0 answers

Spring Security + AAD: invalid_token_response follow-up with latest available spring-boot version (2.1.2)

I am facing the same issue as posted in the question "Spring Security + AAD: invalid_token_response". I did try 2.1.0, it didn't help. I am currently using Spring-boot 2.1.2, spring-security-oauth2-client 5.1.3 and I am still getting the same error I…
3 votes, 0 answers

Spring OAuth2 authorization server: how to get client_id in user details service

Given I have multiple clients registered in in-memory ClientDetailsServiceConfigurer like this: clients.inMemory().withClient("fooClientIdPassword").secret("secret") .authorizedGrantTypes("password", "client_credentials",…
Shady Ragab