Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5, use the Spring Security tag. We don't get many questions on OAuth 1(a), but feel free to tag them here.

The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
15 votes, 7 answers

Spring Security OAuth 2.0 - client secret always required for authorization code grant

According to the spec, requests for a token using the authorization code grant are not required to be authenticated as long as the client_id is included in the request and the client_id is the same one used to generate the code. However, with the…
quintonm
15 votes, 1 answer

How to protect spring-security-oauth resources using @PreAuthorize based on Scope?

I successfully configured spring-security-oauth2 so that external apps can authenticate with my application. However based on the external app and based on what the user allows, only a subset of my API should be accessible to clients. The available…
yankee
15 votes, 4 answers

Skip OAuth user approval in Spring Boot OAuth2

I just want to know if there is any way to skip the user approval screen in Spring Boot - Spring Security OAuth2. I heard about a custom user approval handler but I am not quite sure how to override it to disable the user approval process and do a direct…
Vijay Muvva
15 votes, 2 answers

How to use RemoteTokenService?

I have a separate ResourceServer built using Spring-Security-oauth2. Here is the code RemoteTokenService. @Bean public ResourceServerTokenServices tokenService() { RemoteTokenServices tokenServices = new RemoteTokenServices(); …
14 votes, 2 answers

What does resourceId mean in OAuth 2.0 with Spring Security

OAuth2ProtectedResourceFilter in org.springframework.security.oauth2.provider.filter: Collection resourceIds = auth.getClientAuthentication().getResourceIds(); if (resourceIds!=null && !resourceIds.isEmpty() &&…
user1110977
14 votes, 4 answers

Spring Boot add additional attribute to WebClient request in ServerOAuth2AuthorizedClientExchangeFilterFunction

I am trying to implement the client_credentials grant to get a token in my spring boot resource server. I am using Auth0 as an Authorization server. They seem to require an extra parameter in the request body to be added called audience. I have…
DArkO
14 votes, 2 answers

Extract Currently Logged in User information from JWT token using Spring Security

I have implemented JWT and LDAP Authentication using Spring Security Oauth2. It seems to be working fine and I can login with my LDAP credentials. Now, there is one requirement that I need to use the currently logged in user info to save details in…
14 votes, 3 answers

Spring boot 2.0.0.M6 OAuth2 web application client. No @EnableOauth2Sso anymore; how to replace?

I have built an Authentication Service and web application in Spring 5 and Spring Boot 2.0.0.M3 and I am trying to port it to Spring Boot 2.0.0.M6 now. I noticed the @EnableOauth2Sso is not available anymore in spring-boot-autoconfigure; I had used…
Markus Antonius
14 votes, 4 answers

Customize auth error from Spring Security using OAuth2

I was wondering if I could customize the following authorization error: { "error": "unauthorized", "error_description": "Full authentication is required to access this resource" } I get it when the user request does not have permissions. And I…
14 votes, 3 answers

Spring Framework - Where to parse JWT for custom claim?

I have created a Spring JWT authorization application. JWT contains some custom claims. On a resource server side, I wonder, where should I parse the JWT token to collect and check these claims? Should I do this in a controller or in some filter?…
dplesa
14 votes, 1 answer

Spring Boot OAuth2 Single Sign Off (Logout)

I'm considering using OAuth2 for my application. The architecture I'm trying to implement is as follows: I will have my own (and only this) Authorization Server. Some Resource Apps validating access to their resources using the Authorization…
14 votes, 3 answers

Spring Boot with Security OAuth2 - how to use resource server with web login form?

I have Spring Boot (1.2.1.RELEASE) application that serves OAuth2 (2.0.6.RELEASE) authorization and resource server in one application instance. It uses custom UserDetailsService implementation that makes use of MongoTemplate to search users in…
Szymon Stepniak
13 votes, 3 answers

How do I use multiple 'JWK Set Uri' values in the same Spring Boot app?

I have a requirement to use two different authorization servers (two Okta instances) to validate authentication tokens coming from two different web applications inside a single Spring Boot application which is a back-end REST API layer. Currently I…
13 votes, 1 answer

Alternative for OAuth2FeignRequestInterceptor that depends on a deprecated class

Disclaimer: I honestly tried to google/github this, scanned through the OAuth2 migration guide, but couldn't find an answer to this, so here we go. org.springframework.cloud.security.oauth2.client.feign.OAuth2FeignRequestInterceptor from…
13 votes, 2 answers

Flutter with REST backend Springboot

I am developing a Flutter mobile application with a Spring Boot backend. I want to have three types of login methods: (1) username & password, (2) Facebook, (3) Google. I have the following questions. 1) If I handle the Authentication part in the mobile…
Sam