Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5, use the Spring Security tag. We don't get many questions on OAuth 1(a), but feel free to tag them here.

The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
8 votes, 2 answers

Accept facebook login into my REST API

I have a backend server (Java / Spring / Spring Security). Currently, when users from the mobile app log in, they simply submit their username/password and Spring Security creates a Session and assigns it to the request with a JSESSIONID. We would now…
Johny19
7 votes, 1 answer

Lazy initialise spring security at runtime + reload spring security configuration

Spring usually eagerly loads the Spring Security configuration while starting the application. I'm using OAuth with Spring Security. I'm maintaining a configuration table for storing the SSO-related values (like jwk-url, client_id, client_secret).…
ARods
7 votes, 1 answer

Spring Oauth2 Client, automatically refresh expired access_token

Let me explain my use case. I need to have a Spring Boot OAuth2 client application (not a resource server, as we already have a separate resource server). Also, I have the following requirements: For each outgoing request to the resource server, we need to…
Agam
7 votes, 2 answers

Spring 5 Security OAuth2 Login Redirect Loop

I want to work with Spotify Web API, but I'm having trouble with Spring Security Configuration. Here are my security dependencies: /* springBootVersion = '2.1.2.RELEASE' */ implementation…
George
7 votes, 2 answers

Spring Boot Application to validate oauth2 token from Google

I have my Spring Boot application, that provides some rest endpoints. Those rest endpoints need security, and I want to use the Oauth2 for it. My idea is to use Google oauth2 token for that. I don't want to provide login functionality in my Spring…
Manuelarte
7 votes, 2 answers

Spring OAuth2 ResourceServer dependency hell

I want to implement a resource server (Spring Boot Rest Backend and secured via OAuth2 with JWT). I get a resource server running which processes JWT tokens from Keycloak Authentication Server. But there are still gaps in my knowledge how to verify…
Dev Moerker
7 votes, 2 answers

Spring Boot + Security OAuth2.0 Client with Custom Provider

I am creating an OAuth2.0 client for a custom OAuth2 provider in a Spring Boot + Security (version 5) application. Below is the application.properties which has all the configuration, and there is no additional configuration class in my…
7 votes, 2 answers

How to generate a JWT access token with some custom claims in it?

I'm trying to have my authorization server generate a JWT access token with some custom claims in it. Here is what the Bearer token returned by the authorization server /auth/token endpoint looks like: 51aea31c-6b57-4c80-9d19-a72e15cb2bb7 I find…
Stephane
7 votes, 1 answer

Does Spring Security OAuth2 support Authorization Code Flow with PKCE for browser (Angular) clients?

Browser applications auth used to be managed using the Implicit grant of the Authorization Server. I successfully implemented this using Spring Security Oauth. This approach has several drawbacks: Refresh tokens are not supported, so when the token…
codependent
7 votes, 4 answers

Field authenticationManager in *** required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found

I have following class: @Configuration @EnableAuthorizationServer public class AuthServerConfig extends AuthorizationServerConfigurerAdapter { @Autowired private AuthenticationManager authenticationManager; @Override public void…
gstackoverflow
7 votes, 0 answers

Connecting Spring Security OAuth2 with SAML SSO

We’re having a microservices architecture based on spring boot where we have multiple microservices talking to each other and also a Javascript UI that connects to the different microservices. Since this is an internal application and we have the…
7 votes, 1 answer

Spring JWT - Add custom claims

Can you help me with my problem? I generated JWT for my client using Spring OAuth2. I have implemented an authorization and resource server along with some web security configuration, everything done with online guides. It works fine, but now I…
Denis Stephanov
7 votes, 2 answers

Spring Boot - Using JWT, OAuth, and Separate Resource and Auth Servers

I am attempting to build a Spring application that uses JWT tokens and the OAuth2 protocol. I have the Authentication Server running thanks to this tutorial. However, I am struggling with getting the Resource Server to function properly. From…
KellyM
7 votes, 0 answers

How do I automatically delete expired Oauth access tokens from our database using Spring and its JdbcTokenStore class?

I'm using Spring 4.3.8.RELEASE. I set up an OAuth application (to allow client applications to access certain functions via the client_credentials grant type) using the Spring org.springframework.security.oauth2.provider.token.store.JdbcTokenStore…
Dave
7 votes, 2 answers

How to find out the valid values to use for authorized grant types in Spring Security

I want to allow a client to use a specific grant type, but cannot find the valid values to use in the client table in the documentation. Any ideas?
Dirk Jablonski