Questions tagged [spring-security-oauth2]

Spring Security implementation of the OAuth2 spec. We don't get many questions on OAuth 1(a) but feel free to tag them here.

0
votes
0 answers
11 views

OAuth2.0! How to authenticate subsequent request after successful login [on hold]

If I have done the successful login using third party like Google OAuth2.0, then how to recognize the subsequent request is authenticated.
3
votes
1 answer
34 views

How can I access JWT claims in Spring API handler methods using Webflux?

I am adding a WebFilter to perform JWT authentication inside of SecurityWebFilterChain. We encode a lot of non-auth related information in the JWT that is needed by many of our API endpoints, so I ...
0
votes
1 answer
20 views

How to integrate Spring Boot with Spotify OAuth 2 authentication

I'm new at Spring Boot and Spring Security. So I started with some tutorials. Now I want to integrate OAuth authentication with Spotify in my sample application. I've oriented me on the spring boot ...
0
votes
0 answers
10 views

How to integrate OAuth2 Social Login with Spring Boot 1.x.x?

I already have a Spring Boot (1.4.4) application with Form Based Login and I'm trying to set up a Google social login with OAuth2. Spring used to support a project called Spring Social, but it won't ...
0
votes
1 answer
13 views

Successful Spring OAuth2 login with empty authorities

I implemented the login of my Spring Boot web app using OAuth2 and everything works fine. The only problem is that the logged in user does not have the authorities information saved inside the session ...
0
votes
2 answers
19 views

How to tune authenticationEntryPoint behaviour Spring Security

I have Spring Boot 2 based Security Gateway performing OAuth2 authentication sitting before GUI app and back-end. It is configured like @Configuration @EnableOAuth2Client @EnableWebSecurity public ...
1
vote
0 answers
16 views

How can I do authorities access control in Spring Security OAuth2?

I'm trying to use Spring Security OAuth2 to do authority access control with annotations like @PreAuthorize("hasAuthority('perm2')") or with security config in WebSecurityConfigurerAdapter. But I ...
1
vote
1 answer
18 views

Facebook Spring OAuth2User does not contain email

I'm trying to implement the signup phase with Facebook of my Spring webapp using Spring OAuth2. I'm following this guide https://www.callicoder.com/spring-boot-security-oauth2-social-login-part-2/ but ...
0
votes
0 answers
10 views

GrantedAuthoritiesMapper can't grant authority with oauth2

Overview I configured Spring Security as below. Check user has ROLE_ADMIN at /api/** Grant ROLE_ADMIN to all user I intended that request to localhost:8080/api/** succeed but actually access was ...
0
votes
0 answers
7 views

Is it possible to separate authentication part (using google, facebook and local in my DB) with the authorization part?

I started from this spring example: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_github and I want to authenticate in this way and then authorize the user already ...
0
votes
0 answers
20 views

Why do I have to handle authorization code grant manually in Spring Boot OAuth

I have created an authorization server using Spring Boot which stores user details and client details in a database, and the client application that I created stops with the authorization_code at ...
0
votes
0 answers
9 views

Signup on a Spring Boot web app with socials using OAuth2

I would like to make a user signup with Facebook. I understood that the best way to do so is through OAuth2. I'm trying to integrate it following this guide https://www.baeldung.com/spring-security-5-...
0
votes
0 answers
9 views

How do I implement OpenID connect in a Spring Security Authorization Server?

I've got an Authorization Server running using Spring boot security and spring-security-oauth2-autoconfigure shim jar. I would like to implement the openid scope and provide identity tokens back to ...
0
votes
0 answers
11 views

How does spring sso authentication with oauth2 work?

I've set up 2 oauth2 client Spring Boot 2 web applications running on different ports and an authorization server. If I authenticate on one web application, I can then go and access a secured ...
0
votes
0 answers
37 views

Spring REST api OAuth2 validating token from external authorization server

I am trying to implement my REST api which is the resource server used by mobile applications in my OAuth2 flow. I have an external authorization server made by someone else. Currently I have ...
0
votes
0 answers
17 views

How ResourceServer dynamically get a client_id?

Does RemoteTokenServices have only two hard-coded ways to get and set the client_id in the following code? If I have more than one application, how can I set the client_id? RemoteTokenServices ...
0
votes
0 answers
7 views

How to use service name instead of External IP/domain name for “security.oauth2.resource.tokenInfoUri”

I am using Spring Cloud with OAuth2. I have 4 applications as mentioned below: 1) Eureka server: Service Registry. 2) Zuul as API Gateway 3) Auth server - which is returning the access_token to ...
0
votes
2 answers
62 views

Facebook Spring Boot login with OAuth2

I'm building a project with Spring Boot and Spring Security and I would like to implement the signup phase with Facebook and Google. I read about OAuth2 but I couldn't find any guide which shows ...
0
votes
0 answers
37 views

spring-boot micro-service OAuth2TokenRelayFilter 500 error

I am working on a micro-service architecture spring-boot project. I have a micro-service(report), gateway and registry. The micro-service is running on port 8082 which is registered with the registry. ...
0
votes
0 answers
31 views

Spring Boot Oauth2 with JWT - React CORS Problem

I'm setting up an authorization server with Spring Security OAuth2. Everything works as expected with Postman, however I'm having CORS issues when trying to get JWT token from ReactJS frontend ...
0
votes
0 answers
21 views

How to cache token with RemoteTokenServices?

I have RemoteTokenServices config similar to below and it works well: @Primary @Bean public RemoteTokenServices tokenService() { RemoteTokenServices tokenService = new RemoteTokenServices(); ...
0
votes
0 answers
18 views

Invalid token in spring boot resource server

Hello guys, I need some help with my problem. I can get token from my authorization server. That server is using Oracle database. For example grant_type = client_credentials clientId = curlclient ...
0
votes
1 answer
37 views

Spring Security OAuth2 and LDAP authentication to the same resource

I have Spring Boot 2 REST application, and I want to configure Spring Security to support Google Sign-In OR LDAP authentication to the same resources (/employees for example) I've already done ...
0
votes
1 answer
44 views

Storing JWT tokens on OAuth2 web client using Spring Security

I'm implementing an OAuth2 web application Client using Spring Boot 2.1.3 and Spring Security 5.1.3 that is obtaining JWT tokens from an authorization server through authorization code grant type and ...
0
votes
0 answers
15 views

Spring security oauth token extraction

I am trying to extract my access token from Spring's security oauth module after authentication. I have tried looking over Principal object, multiple OAuth user details are displayed, yet not data on ...
0
votes
2 answers
27 views

How can we implement authorization server using the latest spring-security-oauth2 jars with Spring 5.0?

I am using spring-security-oauth2 jars from below location with Spring security 5.0: http://repo.spring.io/release/org/springframework/security/ The jars available there are: spring-security-oauth2-...
0
votes
0 answers
21 views

How to save additional parameters on principal using Keycloak?

I have an application with Spring Boot, I am integrating the application with Keycloak, but I did not find anything about how to create a custom principal inside Keycloak context. For example, how ...
0
votes
2 answers
44 views

Multiple Access token with one refresh token

I have multiple mobile clients and they all authenticate using the password grant flow. For this, I just want to use one very long lasting refresh token with multiple shorter-lived access tokens. I ...
0
votes
0 answers
20 views

Spring Boot Oauth2 Client and MercadoLibre: How to fix “OAuth2AuthenticationException: [invalid_token_response]”?

Some days ago I started to work with MercadoLibre's API and it's necessary to use OAuth 2.0 to authenticate before starting. But I'm having trouble using "Server Side" authentication. I'm working with ...
0
votes
0 answers
15 views

API gateway should check either the presence of access_token or sessionid in request for authentication

I have one Spring Boot application which is deployed in Pivotal Cloud Foundry, where the security adapter should either check the presence of valid Access_Token or Session Id in the incoming request. ...
0
votes
0 answers
50 views

Deny access for authorized users [duplicate]

I'm making REST API with Spring Boot and Kotlin. I have a controller, that allows to create user entity: @RequestMapping("/", method = [RequestMethod.POST]) fun createUser(@RequestBody userModel:...
1
vote
0 answers
26 views

Spring boot OAuth2 Authorization Server Refresh Token with JWT

I've configured spring boot Oauth2 Authorization server as a standalone server. It works fine for grant_type password, client_credentials etc with JWT enabled. However when I use grant_type=...
-1
votes
1 answer
16 views

Two or more applications authenticate by OAuth2

I have two Spring applications and I need to authenticate first application in another application. It's server-to-server communication and authentication. Is OAuth suitable for this or there is another ...
1
vote
1 answer
30 views

How to use OAuth2RestTemplate having only tokenValue?

The application starts when other application calls the starting endpoint with the access token as a parameter. The access token is a type of string. Then I have to call a few other endpoints where ...
0
votes
2 answers
54 views

Spring Boot + Security OAuth2.0 Client with Custom Provider

I am creating an OAuth2.0 client for a custom OAuth2 provider in Spring Boot + Security (version 5) application. Below is the application.properties which has all the configuration and there is no ...
0
votes
0 answers
11 views

Need an example of XML configuration for OAuth2 5.x module [closed]

I am trying to upgrade my Spring OAuth2 support from 2.5 version to 5.1. As OAuth2 support was completely rearchitected my current XML configuration is completely broken. I cannot use programmatic ...
1
vote
0 answers
23 views

Configuring method level authentication with spring-security and oauth2

I need to configure preAuthorize with method level scope check using oauth2. I have added all the configurations as shown below. It always redirects me to user name, password console. In my case I ...
0
votes
1 answer
24 views

SpringBoot OAuth2RestTemplate retry requests

We are in the need of adding retries when making calls to an API that has Oauth2 from Spring. We haven't figured out how to do it in an easy way. We even tried with an interceptor but we have no luck....
0
votes
1 answer
33 views

Should OAuth2 resource servers use Basic or Bearer token auth when communicating with the authorization server?

Given separate spring-security-oauth2 authorization and resource servers: I expected the authorization server's /oauth/check_token endpoint to accept a Bearer token from a resource server in the ...
0
votes
0 answers
9 views

Intercept Okta OAuth/OIDC flow to create custom User Details

Where is the correct place in the Spring Java config to intercept the Spring Security OAuth20 flow to add additional details/Authorities to the User Details for a signed in principal? I'm looking to ...
0
votes
2 answers
46 views

spring-security-oauth2 vs spring-security-oauth2-core in Spring

What is the difference between spring-security-oauth2 and spring-security-oauth2-core in spring? Is spring-security-oauth2 substituted by spring-security-oauth2-core? spring-security-oauth2 release ...
0
votes
3 answers
61 views

OAuth2 Client Principal does not have GrantedAuthorities when authenticated by Other Custom Authorization Server (SpringBoot2 & OAuth2)

I'm using Spring Boot2 as framework and Thymeleaf as template engine. In my authorization server, I added user 'admin' as 'ROLE_ADMIN'. But in Client Application, when I logged in as 'admin' and ...
0
votes
0 answers
25 views

How to resume spring oauth2 authorization code flow after inserting custom onboarding flow?

I have developed a sample spring boot oauth2 application that includes both authorization & resource servers. Based on my use case, I have inserted a custom workflow between invoking the oauth2 ...
0
votes
0 answers
36 views

Why won't Spring Security 5 redirect back to protected resource after login?

After upgrading our authentication server from Spring Boot 1.5.13 to 2.1.3 it stopped redirecting after successful logins. It tries to reload the /login page now. I created a web site, proxy server ...
1
vote
1 answer
67 views

SpringBoot2 OAuth2 AuthorizationServer's Login Page is shown infinitely loop after login

I'm implementing OAuth2 System with Spring Boot 2.1.4 and Spring Security OAuth2. I want to separate all components (Client, ResourceServer, AuthorizationServer) so I create 3 projects each git ...
2
votes
0 answers
125 views

OAuth2 + Spring Boot 2 - ResourceServer in ZuulGateway with Authorization Server

I am trying OAuth 2 + JWT integration using Spring Boot 2 + Netflix OSS. On requesting access token, I am getting the below error in Zuul Gateway which acts as a Resource Server. 2019-05-04 14:41:29....
0
votes
1 answer
19 views

How do I add a 'groups' custom claim to id_token issued by Cognito?

I want to use a custom claim on an open id connect id_token to indicate the groups that the user belongs to. I have this working with Okta and Spring Security 5. With Okta there was a simple way to ...
0
votes
0 answers
9 views

Spring-Security-Oauth2: Full authentication is required to access this resource when accessed the client

I tried developing a simple Spring Boot and OAuth using Spring Boot 2.1.4 and OAuth2, I have developed referring some example program online which has an OAuth client and Authorization server the issue ...
1
vote
1 answer
76 views

Spring Security OAuth2 - Find refresh token by username

Let's say we have an admin that wants to invalidate all user tokens (effectively logging the user out everywhere), but without blocking his account. The user should still be able to log in normally. ...
0
votes
0 answers
25 views

Why is my OAuth2 application not getting values from the resource server jwk-set-uri

I'm designing a RESTful microservice that functions as an OAuth Resource Server. It's a Spring Boot application and the main class is annotated with @EnableResourceServer. The purpose of this ...
