Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5 use Spring Security tag. We don't get many questions on OAuth 1(a) but feel free to tag them here.

Spring Security's deprecated implementation of the OAuth2 spec. The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
9
votes
2 answers

How get a token in spring boot 2 oauth2?

I'm new in spring security oauth2. I want to run this authorization server sample code. I run it successfuly, for get token, I set postman as follow and then send request: In this case, I entered client id with its password, but I want to login…
9
votes
1 answer

@WithMockUser with custom User implementation

I'm using spring OAuth2 and JWT tokens to secure an application. I am extending org.springframework.security.core.userdetails in order to add some additional attributes to the token which can then be used to perform authorization ones an endpoint is…
9
votes
9 answers

How to disable actuator security without disabling it totally with Spring Boot 2

I'm using Spring Boot Security with OAuth2. I wan't to disable security for health endpoint. I can totally disable security or write my own implementation of WebSecurityConfigurerAdapter and disable autoconfigured one. But how to modify existing…
9
votes
3 answers

SpringBoot - Error parsing HTTP request header (Oauth2 https endpoints)

when I am trying to access OAuth HTTPS endpoints from spring boot app , i am getting below error, but HTTP endpoint works perfectly fine Error: 2018-07-24 10:25:06.292 [DEBUG][8464][https-jsse-nio-8084-exec-8]…
9
votes
2 answers

Oauth2 get Username from token

I have implemented Ouath2 as security for my Spring boot rest controllers. Before any of my resource is called, oauth2 validates the token for the users in user table. My question is how to avoid situation where if user1 token is in the request and…
RK3
  • 1,221
  • 9
  • 26
  • 37
9
votes
2 answers

Add filter before OAuth2AuthenticationProcessingFilter

I am using spring-security-oauth2 in IDP mode and spring-boot. I need to do some work before the oauth token is extracted from the request. How do I add a filter before OAuth2AuthenticationProcessingFilter? I have…
jax
  • 37,735
  • 57
  • 182
  • 278
9
votes
5 answers

Spring security OAuth2 Refresh Token - IllegalStateException, UserDetailsService is required

I am new to Spring security and developing spring REST API with OAuth2 authentication and authorization. Everything is working fine, but when I request Refresh token, than I get error which states…
9
votes
1 answer

What the configuration of spring-security-oauth2 authorizedGrantTypes means in practice?

For example on the default jhipster UAA configuration we have: clients.inMemory() .withClient("web_app") .scopes("openid") .autoApprove(true) .authorizedGrantTypes("implicit","refresh_token",…
Costa
  • 171
  • 1
  • 3
  • 5
9
votes
4 answers

Refresh token call fails using spring security an oauth2 with error: UserDetailsService is required

I am using Spring Security OAuth2 for authorizations. When trying to refresh the token I get an error: UserDetailsService is required (interestingly I get this error only on unix machines and not on windows). I am using Spring OAuth2 version…
9
votes
1 answer

Spring OAuth2 refresh token to change after refreshing access token

I created an authentication server and resource server, both are working ok, the only problem is with refresh token, I would like it to change after calling POST /oauth/token with grant_type=refresh_token, however, spring returns same refresh…
9
votes
1 answer

Null client in OAuth2 Multi-Factor Authentication

Complete code for a Spring OAuth2 implementation of multi-factor authentication has been uploaded to a file sharing site that you can download by clicking on this link. Instructions below explain how to use the link to recreate the current problem…
CodeMed
  • 9,527
  • 70
  • 212
  • 364
9
votes
1 answer

Secure Spring RESTful API with Google OAuth2 Authorization server

I plan to create application with Spring RESTful API backend and client on AngularJS. I'd like to secure my Spring RESTful API with Google OAuth2 Authorization server. I have an architectural question: After successful authorization in Google I'll…
alexanoid
  • 24,051
  • 54
  • 210
  • 410
9
votes
1 answer

Spring security OAuth - check validity of access token?

I am following this sample code from Spring Security OAuth. After I got the access token when I try to check the token curl -X POST http://localhost:9999/uaa/oauth/check_token -d "token=e3f44c4f-f8f2-45c4-9f9e-c7dd1f583a1f" I get the following…
brain storm
  • 30,124
  • 69
  • 225
  • 393
9
votes
3 answers

OAuth2ClientContext (spring-security-oauth2) not persisted in Redis when using spring-session and spring-cloud-security

Thanks a lot in advance for reading this question. Setup I am using: spring-security-oauth2:2.0.7.RELEASE spring-cloud-security:1.0.1.RELEASE spring-session:1.0.1.RELEASE and would have a question regarding the persistence of…
9
votes
3 answers

spring-security-oauth2 2.0.7 refresh token UserDetailsService Configuration - UserDetailsService is required

I would have one question regarding the configuration of spring-security-oauth2 2.0.7 please. I am doing the Authentication using LDAP via a…