Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5 use Spring Security tag. We don't get many questions on OAuth 1(a) but feel free to tag them here.

Spring Security's deprecated implementation of the OAuth2 spec. The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
8
votes
4 answers

Spring Boot + OAuth + JWT + MySQL refresh token not working for second time

I'm using the Spring boot, OAuth2, JWT custome token and MySQL. Problem : I able to get the token and refresh token, using the refresh token I able to get new token for only on time, if i try again to get new token using the new refresh token means…
8
votes
1 answer

Spring Boot OAuth2 with encrypted JWT access token

In my Spring Bott application I have configured own OAuth2 with Authorization/Resource servers. I have implemented following JwtAccessTokenConverter: @Bean public JwtAccessTokenConverter accessTokenConverter() { JwtAccessTokenConverter converter…
alexanoid
  • 24,051
  • 54
  • 210
  • 410
8
votes
1 answer

How can I use an OAuth2RestTemplate in a scheduled task?

I have two resource servers: one that has an API for emailing notifications and one that runs scheduled tasks. When a scheduled task starts, I want to call out to the email service to notify users that their task is starting. Both services use…
RustyTheBoyRobot
  • 5,891
  • 4
  • 36
  • 55
8
votes
2 answers

Proxy configuration in OAuth2RestTemplate

I need to consume an API which is secured by OAuth2. For that I am using OAuth2RestTemplate. But am getting below error: java.net.ConnectException: Connection timed out: connect This is happening due to proxy issue. I Know how to set proxy in…
aks2012
  • 121
  • 1
  • 7
8
votes
1 answer

Spring Boot and OAuth2, WebSecurityConfigurerAdapter vs ResourceServerConfigurerAdapter

What is the difference between WebSecurityConfigurerAdapter and ResourceServerConfigurerAdapter and which should have higher precedence? I don't really see difference if I am both resource owner and the client. I can configureHttpSecurity in both…
Nikola Lošić
  • 479
  • 1
  • 6
  • 18
8
votes
1 answer

Social login, spring-security-oauth2 and spring-security-jwt?

I'm developing a rest service which is going to be available in browser via browser single page app and a mobile app. At the moment my service is working without spring at all. The oauth2 client is implemented inside filters so to say "by hand". I'm…
Grigory
  • 992
  • 2
  • 18
  • 34
8
votes
2 answers

Spring Boot OAuth2 - Could not obtain user details from token

I searched the web for solution of this problem but didn't find any working solution. I'm trying to setup basic Spring Boot OAuth2 Authorization Provider and Client. I followed official Spring Boot instructions and created single sign on with…
8
votes
2 answers

spring boot OAuth2 role based authorization

We have a dedicated authorization server extending AuthorizationServerConfigurerAdapter, where we have set authorities overriding void configure(ClientDetailsServiceConfigurer clients) method. @Configuration @EnableAuthorizationServer …
pinaki
  • 341
  • 2
  • 3
  • 14
8
votes
3 answers

Mocked Server for Spring Oauth endpoint

I'm trying to do an integration test to see what the behavior is like when my Registration Endpoint fails. My Registration endpoint is an API provided by an external source (which is secured by Spring OAuth). The client website is using the client…
Dean
  • 887
  • 4
  • 16
  • 42
8
votes
3 answers

How to re-enable anonymous access to Spring Boot Health endpoint?

Probably I'm doing something wrong here, I just can't figure out what... I have an Oauth2 authentication server and a resource server within the same application. Resource server…
8
votes
2 answers

Spring Oauth2 - multiple tokens per client id

We have implemented a server API using spring-oauth2. I have noticed that the server generates the same token per user/client id combination even when calling from separate devices. This causes an issue as my clients can run multiple instances: e.g.…
checklist
  • 12,340
  • 15
  • 58
  • 102
8
votes
1 answer

Spring Boot Security OAuth2 with Form Login

I am following Part V of Getting Started with Spring Boot Security to secure my RESTful microservices. The simple flow that I intend to implement is:- If unauthenticated, the user is redirected to a custom login page at say '/login'. User provides…
Kumar Sambhav
  • 7,503
  • 15
  • 63
  • 86
8
votes
2 answers

Spring-Security-Oauth2: Default login success url

Is it possible to set a default login successurl for a Spring Oauth2 Sso service? Following szenario browser reqeuests index.html sso service: Not protected ==> return the index.html index.html contains manifest attribute ==> browser requests the…
Yannic Bürgmann
  • 6,301
  • 5
  • 43
  • 77
8
votes
2 answers

How to configure Spring Security OAuth 2.0 client store to database

I found a tutorial about Spring REST Service OAuth on https://github.com/royclarkson/spring-rest-service-oauth But I wonder how to configure client stored to database, so I can manage easily. In the tutorial client configuration store inMemory at…
prptn
  • 299
  • 1
  • 6
  • 18
8
votes
1 answer

spring security oauth2 disable jsessionid based session

I dont have reputation to comment, otherwise this post describes exactly the same issue. I have successfully implemented spring security oauth2 2.0.5 in a spring 4 application. All works fine, i can generate tokens and api requests are properly…
Peeyush
  • 95
  • 1
  • 4