Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5, use the Spring Security tag. We don't get many questions on OAuth 1(a), but feel free to tag them here.

The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
16 votes, 4 answers

BearerTokenAccessDeniedHandler Class Definition Not found

I'm trying a demo project with spring boot 2.1.1 and spring sec 5, as an OAuth2 resource server however when I try to run the following ENV Spring Boot 2.1.1 RELEASE Spring Security Core 5.1.2 Java 8 CODE @RestController …
Verric
16 votes, 2 answers

Java Spring Security: 401 Unauthorized for token OAuth2 end point

I have a fairly basic setup in my Spring Boot project. I'm trying to set up OAuth2 to protect my API but I'm running into issues with my /oauth/token end point. Making either a POST or GET request to my /oauth/token end point results in the…
Jonathon
16 votes, 1 answer

How to add more data in access_token JWT

I am trying to add new fields in JWT token which is actually access_token which is generated with grant_type=password. I want to add more fields if grant type is only password. If I implement a custom token enhancer, it adds new fields in the…
Eniss
16 votes, 4 answers

Add custom UserDetailsService to Spring Security OAuth2 app

How do I add the custom UserDetailsService below to this Spring OAuth2 sample? The default user with default password is defined in the application.properties file of the authserver app. However, I would like to add the following custom…
16 votes, 1 answer

How to make Spring Security OAuth2 really stateless / get rid of "state" parameter?

I'm currently working on a project where we want the user to sign in via Facebook and other OAuth2 providers. Furthermore the REST api should be stateless. Therefore no cookies/jsessionids should be created/utilized. For authorization against the…
andy
16 votes, 1 answer

Revoke JWT Oauth2 Refresh Token

I am trying to find a way to revoke an OAuth2 JWT Refresh Token with vanilla Spring implementation and JwtTokenStore. First: can somebody confirm that there is no API similar to /oauth/token that allows me to revoke a refresh token? I wanted to add a…
Klaus
16 votes, 6 answers

Spring OAuth2 - There is no client authentication. Try adding an appropriate authentication filter

We have an application which is using spring-security-oauth2:1.0. I was trying to change it to a newer version, spring-security-oauth2:2.0.7.RELEASE. Some classes were removed, some package structure is changed, I managed to sort out all those…
Karthik
16 votes, 2 answers

Spring OAuth2 - custom "OAuth Approval" page at oauth/authorize

What is the recommended way to create a custom OAuth Approval page? I have to completely override the stuff on the page, need to add styles, branding etc. What is the right way to achieve that? Where could I see the source of the default page to…
Barbadoss
16 votes, 1 answer

How to handle version upgrades of spring-security-oauth2?

spring-security-oauth2 saves the Authentication object as part of the access token entry in the database as a serialized java object (ByteArrayOutputStream.writeObject(authentication)). How do you handle version upgrades of either spring-security…
James
15 votes, 2 answers

spring-security-oauth2 vs spring-cloud-starter-oauth2

I am working on building an OAuth2 application using Spring Boot. However, there are various sample projects on GitHub using spring-security-oauth2 and spring-cloud-starter-oauth2. Do we have specific scenarios where we can use a specific jar among…
15 votes, 2 answers

CORS issue with Google Oauth2 for server side webapps

I referred to this question on SO: Google oauth 400 response: No 'Access-Control-Allow-Origin' header is present on the requested resource, but the solution suggested is for a JavaScript web app using the implicit grant flow. My setup is such that my front…
tryingToLearn
15 votes, 1 answer

ResourceServerConfigurerAdapter vs WebSecurityConfigurerAdapter

I'm currently working on an OAuth2 implementation with Spring Security, and I found many documentations that use ResourceServerConfigurerAdapter along with the WebSecurityConfigurerAdapter. I hope someone can tell me the differences between the two…
ZiOS
15 votes, 1 answer

How to enable Bearer authentication on Spring Boot application?

What I am trying to achieve is: users, authorities, clients and access tokens stored in a database (i.e. MySQL) accessed via jdbc; API exposes endpoints for you to ask "can I have an OAuth2 bearer token? I know the client ID and secret"; API lets you…
Birchlabs
15 votes, 2 answers

Spring Security with OAuth2 and JWT: Encoded password does not look like BCrypt

I am trying to implement a spring AuthorizationServer with JWT. I was able to produce JWT tokens and login until I added BCrypt to the mix. Now, when I am trying to login, I get "Bad credentials" from the API.…
15 votes, 1 answer

How do /oauth/authorize and /oauth/token interact in Spring OAuth?

I am doing an in-depth study of Spring OAuth, and I found some conflicting information. Specifically, this tutorial states that the /oauth/token endpoint handles the username and password before granting a refresh token to the client app. By…
CodeMed