Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5, use the Spring Security tag. We don't get many questions on OAuth 1(a), but feel free to tag them here.

The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
12 votes, 2 answers

Rest, Spring own OAuth2 server + OAuth2 providers like Facebook, Google, Yahoo

In a Spring Boot application I have secured my Spring MVC REST endpoints with Spring Security and Spring OAuth2. I have my own Authorization\Resource servers, so in order to communicate with our API, the client (AngularJS) needs to obtain an accessToken from my API…
alexanoid
12 votes, 1 answer

Spring Oauth2 Authorization Server

I am setting the Spring configuration below: @EnableAuthorizationServer @EnableWebSecurity @Configuration public class Oauth2Provider extends WebSecurityConfigurerAdapter implements AuthorizationServerConfigurer { /* * @Autowired…
JSH
12 votes, 3 answers

Real Time examples for Oauth2 Grant Types and Good document, example for Oauth2 with Spring MVC

I read about OAuth2 a few days ago. It has entities like Client, Resource Owner, Resource Server, Authorization Server, and I understood the explanations too. But I don't understand the grant types completely; I am still confused about the following…
12 votes, 1 answer

Single sign off using OAuth 2

We just have been discussing the login and logout behaviour when using OAuth 2. Let's say we have two webapps A and B using one OAuth provider O (built using the spring-security-oauth2 stack). When you want to login to A you get redirected to O,…
James
11 votes, 2 answers

How to provide an OAuth2 token to a Feign client using Spring Security for the client_credentials workflow

Overview I am trying to write a program that accesses a public REST API. In order for me to be able to consume it, I need to provide an OAuth2 token. My App uses Spring Boot 2.4.2 and Spring Cloud version 2020.0.1. The app itself does call the REST…
11 votes, 1 answer

How to use Spring Security 5 and OAuth2 Client to get refresh tokens and make API calls?

I'm currently building a Spring Boot App with Spring Security + OAuth2 protocol. Here is the Authorization Guide from Spotify I'm following. I'm having trouble understanding how to do steps 2 - 4 of Authorization Code Flow. I was able to get…
11 votes, 6 answers

Using Spring security oauth, using a custom OAuth provider, I get [authorization_request_not_found], should I handle the callback method myself?

Using Spring Security 5 oauth I successfully ran through the whole authentication/authorization cycle using Google as OAuth provider, but I am stuck if I use an OAuth provider that I made myself, running on a different application. I'm using the…
11 votes, 1 answer

Spring Security OAuth2 always redirects to /login page having a valid Bearer header

I am having a hard time getting Spring Security OAuth2 to work. I am able to get an access_token from the /oauth/token endpoint, but accessing a protected resource with that token in the header "Authorization: Bearer $TOKEN" always redirects me to /login.…
Adil Khalil
11 votes, 6 answers

Spring oauth2 refresh token - Cannot convert access token to JSON

I'm trying to use a refresh token in a Spring OAuth application without success. The system will issue a refresh token on a password grant: { "access_token": "xxxxx", "token_type": "bearer", "refresh_token": "xxxxxx", "expires_in": 21599, …
TimS
11 votes, 2 answers

Spring Security OAuth2 - How to use OAuth2Authentication object?

I have an OAuth2 authorization server which provides user information: public class User implements Serializable, UserDetails { private Long userID; private String username; private String password; private String fullName; private…
11 votes, 3 answers

How does Spring Oauth2 login redirect work?

I've been thrashing around with the Spring Boot Oauth2 tutorial and I can't seem to get a pretty key element working: https://spring.io/guides/tutorials/spring-boot-oauth2/ I want to run as an authorization server. I've followed the instructions as…
Ryan
11 votes, 4 answers

Spring Security OAuth2 with custom TokenGranter in version 2.0.+

In previous versions of OAuth2 it was possible to add a custom token granter by adding it to the xml configuration in the element. I wonder how I could extend the authorization server with Java Config using a…
11 votes, 5 answers

How to revoke auth token in spring security?

In the logout controller I tried to write a lot of combinations of code. Now I have this: final Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (auth != null) { new SecurityContextLogoutHandler().logout(request,…
gstackoverflow
10 votes, 2 answers

Does keycloak support mongodb as a database?

We can use PostgreSQL or MySQL as the DB for Keycloak, but I want to use MongoDB as the database for Keycloak. Is there any way to implement this?
10 votes, 1 answer

Spring security JWT without OAuth

Recently I started learning how to configure Spring Boot with OAuth 2.0 + JWT, and I have a question: is it possible to use Spring Boot security + JWT while avoiding OAuth 2.0?