Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5 use Spring Security tag. We don't get many questions on OAuth 1(a) but feel free to tag them here.

The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
7
votes
2 answers

spring security OAuth2 - custom ClientDetailsService

I'm currently working on a spring app for an Oauth2 authentication but I got some issue implementing a custom ClientDetailsService. I can't use the common inMemory or jdbc clientDetailsService because clients information aren't stored in my app, I…
7
votes
1 answer

Using OAuth2RestTemplate on behalf of a number of users

I'm creating a system which regularly exports data on behalf of many users to an external system, with OAuth2-authenticated HTTP requests. I have successfully been able to communicate with the external service using Spring Security OAuth2, with an…
reidarok
7
votes
1 answer

Spring OAuth Authorization Server Requires Scope

We're currently using the Spring OAuth Authorization Server but currently do not use the "scope" parameter from the OAuth specification. This has been a bit of a pain point as the Spring OAuth Authorization Server requires that scope be explicitly…
loesak
7
votes
1 answer

How to generate token without client_secret in Spring Security OAuth2

I have a Spring Security OAuth 2.0 based application, configured with a JDBC and LDAP. As per the OAuth 2.0 specification, client secret must. When I generate token by using following URL it generates token and works…
7
votes
2 answers

SpringSecurity WithSecurityContext MockMvc OAuth2 always unauthorised

I have followed the following links to try and test OAuth2 @PreAuthorise(hasAnyRole('ADMIN', 'TEST') for example but I can't get any of the tests to pass or even authenticate. When I try to access the end point with admin (or any role) it will never…
7
votes
1 answer

Configuring an AuthenticationSuccessHandler with Spring Boot 1.3.2 (without spring-cloud-security) and @EnableOAuth2Sso

We have a Spring Boot 1.3.2/Webflow web app which we're converting to use SSO. I've followed the steps in the "Migrating OAuth2 Apps from Spring Boot 1.2 to 1.3" blog and have the app handing off to our Auth server for authentication and the web app…
Jim.R
7
votes
2 answers

Spring Security OAuth2 - @EnableOauth2Sso but accept tokens as authentication, too

I have an application which has @EnableOAuth2Sso on the WebSecurityConfigurerAdapter. After adding @EnableOAuth2Sso the application redirects me to the authorization server and allows access after login at this authorization server. I want to offer…
7
votes
2 answers

How to have separate authentication sources? (one for Oauth2 and one for form-based login)

I'm writing a small application that has an authentication linked to a database, this authentication will be managed by the Oauth2 aspect (Classes annotated by @EnableAuthorizationServer and @EnableResourceServer). There's another authentication in…
7
votes
4 answers

Spring security OAuth2 - invalidate session after authentication

We are securing our REST services using spring security OAuth2. Applications can call into either the /oauth/authorize, /oauth/token or /rest-api endpoints. The token and rest-api endpoints are stateless and do not need a session. Can we invalidate…
mpusarla
7
votes
0 answers

How to use JdbcClientDetailsService of spring security oauth2?

I learned how to use oauth2 from the example sparklr2, but it uses inMemoryClientDetailsService, which is not the case for production. An oauth2 webapp like twitter should let new clients register, so eventually I will use JdbcClientDetailsService. But…
Maxi Wu
7
votes
4 answers

Handle UserRedirectRequiredException (A redirect is required to get the users approval)

Introduction One week ago, I began the development of an application using the OAuth2 framework (with Spring Boot v1.3.0.M4). A brand new experience for me. So I try to make it as simple as possible to understand it better. I am using Spring…
Cédric M.
7
votes
1 answer

Trouble accessing OAuth2 secured resource using correct access token

I’m using Spring 4.1.5.RELEASE, Spring Security 3.2.5.RELEASE, and OAuth2 2.0.7.RELEASE. I’m using JdbcTokenStore and have this in my oauth_client_details table … client_id = dave resource_ids = /dashboard scope =…
Dave
7
votes
1 answer

Why isn't OAuth2 client refreshing expired access_token?

I've got a client app configured with @EnableOAuth2Sso and @EnableZuulProxy, and a resource server (separate app) configured with @EnableOAuth2Resource. I can see that the client correctly authenticates to the resource server with Authorization:…
Tommy Knowlton
7
votes
1 answer

Why should /oauth/authorize be secured?

According to http://projects.spring.io/spring-security-oauth/docs/oauth2.html: N.B. the Authorization endpoint /oauth/authorize (or its mapped alternative) should be protected using Spring Security so that it is only accessible to authenticated…
Adriano
7
votes
1 answer

Customize OAuth2 error response on client authentication with Spring Security

While this seems to be an easy task, it turns out the opposite. I'm trying to customize the error handling for OAuth2 client authentication requests. The purpose of this is to remove the exception stacktrace/message from the response…
nucatus