Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5, use the Spring Security tag. We don't get many questions on OAuth 1(a), but feel free to tag them here.

The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
1 vote, 0 answers

I have an endpoint of /oauth/login. I don't know which class it is in, how can I debug to find it?

I have an endpoint of /oauth/login, a public endpoint. And I don't know which class it is in. As I know, there is a TokenEndpoint with '/oauth/token', but not with /oauth/login. I try to make a breakpoint in…
1 vote, 2 answers

Facebook throws "An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response" when using oauth2

I want to use oauth2 with Facebook in my web application with spring boot and this is the configuration for this purpose: spring: security: oauth2: client: registration: google: clientId: clientIdValue …
1 vote, 2 answers

OAuth refresh token grant types

I am learning OAuth grant types. I have observed that refresh token is applicable only for authorization Code and Resource Owner Password Credential Grant. My question is why it is applicable only for authorization Code and Resource Owner…
1 vote, 0 answers

How can I trust a custom certificate in reactive Spring Security OAuth2?

Due to some quirks with a particular cloud OAuth2 identity provider, I need to perform "split-horizon" interactions where the main OAuth2 token exchange is directed to the cloud provider (which uses a globally valid TLS certificate) and the…
1 vote, 1 answer

Spring security /oauth/check_token API performance issue

Below is the API which is the endpoint of spring-security-oauth2-2.x.x for validating the access token. curl -v -H 'Accept: application/json' -H 'Authorization: Basic NTIyNDM0OWYtYmNlMy00NTMwLWEwMTgtNmU4YWVkM2JiMzhlOm15LXNlY3JldC1rZXk=' -X GET…
1 vote, 1 answer

Spring Security - How do I retrieve data (like email, name, picture, etc) after logging in with OAuth/Google by using principal?

I'm developing a demo where I use OAuth2 to login using a Google account. I have the index page that redirects the user to the OAuth/Google login, and once authenticated, I want to get redirected to a page where I can display the account's name and…
1 vote, 0 answers

Using spring-security-oauth2-client with custom ClientRegistrationRepository

I'm building a service which is responsible for allowing a user to link external services to their user account. Authentication of the web app is using a JWT passed in via query string. I have a Controller that is attempting to use the…
Josh Collins
1 vote, 1 answer

Why do confidential and public clients require apps to handle sessions in the spring/keycloak adapter?

Browsing the keycloak docs we spotted this statement: You must provide a session authentication strategy bean which should be of type RegisterSessionAuthenticationStrategy for public or confidential applications and NullAuthenticatedSessionStrategy…
1 vote, 1 answer

Springboot Social login with oauth2 + JWT

I am developing a REST monolith service. With it I need to be able to register users through social networks, store them internally in my database and authorize them with certain authorities. After which I need the service to use JWT for security,…
vibetribe93
1 vote, 1 answer

spring oauth2 resourceserver jwt.jwk-set-uri from eureka server

Currently I have configured set-uri like below in resource server & spring cloud gateway, spring.security.oauth2.resourceserver.jwt.jwk-set-uri: http://dev.auth.server:9999/.well-known/jwks.json However to achieve high availability, I would like…
Sathish
1 vote, 0 answers

Can’t establish a connection to the socket in spring boot

I configured socket in my spring boot + angularjs application and you can see configuration classes here: WebSocketBrokerConfig @Configuration @EnableWebSocketMessageBroker public class WebSocketBrokerConfig implements…
1 vote, 0 answers

Spring boot OAuth2RestTemplate client setup, authorization_request_not_found error

I try to set up an OAuth2RestTemplate in a spring boot project. I tried to follow a custom setup, but for some reason I always get authorization_request_not_found error when trying to access a secured resource. My…
1 vote, 1 answer

Why are client ID and client secret not injected into OAuth2ClientProperties?

I have a spring-boot application with Azure AD as OAuth2 provider. Here's my application.yml file: server: port: 8080 address: localhost security: oauth2: client: registration: azure: client-id:…
1 vote, 2 answers

Deployed app cannot exchange oauth2 code for token

Locally everything works! However, after a deployment to my Kubernetes k3s cluster on raspberrypi, which is accessible via https domain the oauth2 code exchange for token feature doesn't work. I currently support authentication via Google and GitHub…
Humberd
1 vote, 0 answers

Implementing OAuth with Api-Gateway in Implicit Grant Type using Spring Cloud (Stateless)

We have an API gateway in front of auth-provider and microservices (resource servers). In this architecture, we don't need to get the JWT by authorization_code grant type and fire two calls as we don't have external oauth clients and only client is the…