Stack Overflow
Stack Overflow

Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5 use Spring Security tag. We don't get many questions on OAuth 1(a) but feel free to tag them here.

Spring Security's deprecated implementation of the OAuth2 spec. The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
20
votes
2 answers

Adding more then one client to the Spring OAuth2 Auth Server

I have Spring OAuth Authorization server and I want to add support for more then one client(id). I configured clients like this: clients .inMemory().withClient(client).secret(clientSecret) .resourceIds(resourceId) …
dplesa
  • 1,355
  • 6
  • 23
  • 56
20
votes
4 answers

Spring Security OAuth2 check_token endpoint

I'm trying to setup a resource server to work with separate authorization server using spring security oauth. I'm using RemoteTokenServices which requires /check_token endpoint. I could see that /oauth/check_token endpoint is enabled by default…
sowdri
  • 2,193
  • 5
  • 23
  • 36
19
votes
2 answers

AuthorizationServerConfigurerAdapter is deprecated

I'd like to use Oauth2 authentication in spring rest API for login. But I got some warning like AuthorizationServerConfigurerAdapter is deprecated and see the OAuth 2.0 Migration Guide for Spring Security 5. I checked there but not found a much…
Victory
  • 1,184
  • 2
  • 11
  • 30
19
votes
1 answer

Web and Mobile Clients for Spring Security OAuth2

I'm trying to wrap my head around OAuth2 and Spring Security OAuth, especially OAuth Provider service. I'm trying to implement the following: OAuth Provider Resource Server (RESTful webservices that should be protected using OAuth Provider (1)) Web…
Maksim
  • 16,635
  • 27
  • 94
  • 135
19
votes
1 answer

Mapping user roles to oauth2 scopes/authorities

We have a entitlements database which has application id, roles and users mapped to roles per application. Following the advice on thread how do I map user roles to oauth2 scopes/authorities based on resourceId? Ignoring the entitlements database I…
Stackee007
  • 3,196
  • 1
  • 26
  • 39
18
votes
3 answers

Accessing JWT Token from a Spring Boot Rest Controller

I am implementing a REST API with Spring Boot and I am securing it with JWT and Oauth 2. I have no problems with authentication and producing an access token. When a user makes a request I want to access its JWT token from the…
Tartar
  • 5,149
  • 16
  • 63
  • 104
18
votes
3 answers

Why is my token being rejected? What is a resource ID? "Invalid token does not contain resource id (oauth2-resource)"

I'm trying to configure OAuth2 for a spring project. I'm using a shared UAA (oauth implementation from cloud foundry) instance my work place provides (so I'm not trying to create an authorization server and the authorization server is separate from…
Rico Kahler
  • 17,616
  • 11
  • 59
  • 85
18
votes
2 answers

Spring Boot + Spring Security + Spring OAuth2 + Google Sign in

I have setup a small project to implement OAuth2 Login with Google+ API, using Spring Boot (1.5.2), Spring Security and Spring Security OAuth2. You can find source in: https://github.com/ccoloradoc/OAuth2Sample I am able to authenticate with google…
Cristian Colorado
  • 2,022
  • 3
  • 19
  • 24
18
votes
1 answer

Spring OAuth2 checkUserScopes is not working as expected

First of all, according to Spring doc , if i want to map user roles to scopes, i should use setCheckUserScopes(true) to DefaultOAuth2RequestFactory. So one way to do this, is injecting my own DefaultOAuth2RequestFactory bean, as doc says: The…
jscherman
  • 5,839
  • 14
  • 46
  • 88
18
votes
2 answers

How to get Spring Boot and OAuth2 example to use password grant credentials other than the default

I'm following the basic Spring Boot OAuth2 example from Dave Syer: https://github.com/dsyer/sparklr-boot/blob/master/src/main/java/demo/Application.java @Configuration @ComponentScan @EnableAutoConfiguration @RestController public class Application…
Shawn Sherwood
  • 1,968
  • 2
  • 19
  • 30
17
votes
2 answers

Is there working example of OAuth2 with WebFlux

I'm trying to add OAuth2 to WebFlux and can't find any working example. To Implement own Authorization Server I use such code: @EnableAuthorizationServer @Configuration public class ServerAuth extends AuthorizationServerConfigurerAdapter…
Max Grigoriev
  • 1,021
  • 2
  • 13
  • 29
17
votes
1 answer

Spring Boot 1.3.3 @EnableResourceServer and @EnableOAuth2Sso at the same time

I want my server be a ResourceServer, which can accept a Bearer Access token However, If such token doesn't exist, I want to use the OAuth2Server to authenticate my user. I try to do like: @Configuration @EnableOAuth2Sso @EnableResourceServer public…
Fallflame
  • 221
  • 4
  • 10
17
votes
6 answers

How to add a client using JDBC for ClientDetailsServiceConfigurer in Spring?

I have the in memory thing working as follows: @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory() .withClient("clientapp") …
Wim Deblauwe
  • 25,113
  • 20
  • 133
  • 211
17
votes
3 answers

Spring security - allowing anonymous access

I have implemented Oauth2 in my spring-boot app. In my security-context.xml, I have these lines - I want…
NRJ
  • 1,064
  • 3
  • 15
  • 32
16
votes
2 answers

Spring Security oauth2 client - problem with Twitter

I want to add Twitter oAuth2 to my application. Earlier I added Facebook and google with success - I didn't have to add provider. When i try to add twitter data to application.properties file and run server i get error: Error starting Tomcat…
JuniorWithEverything
  • 413
  • 4
  • 13
1 2
3
99 100