I am facing the OAuth issue, details are below: I am having two microservices: registration-service(https://github.com/choudharylakshyaveer/registration-service) student-service(https://github.com/choudharylakshyaveer/student-service) For these two I have added : cloud-config-server(https://github.com/choudharylakshyaveer/cloud-config-server) naminig-server(https://github.com/choudharylakshyaveer/naming-server) gateway(https://github.com/choudharylakshyaveer/api-gateway) FrontEnd: is at react js: https://github.com/choudharylakshyaveer/chargie For first time use, a new user need to be register that can be done from curl: To login using the above registered user, below can be run
Tag: spring-security-oauth2
Multiple authentication servers for my OAuth 2 resource server
I have implemented a simple resource server with Spring Boot and Spring Oauth2 with Google as authentication server: How do I add a few more authentication servers like Github, Facebook, or Twitter? Right now I am able to generate id_token and access_token for Google authentication but I am not sure if Github or Facebook supports it. I couldn’t find anything
A better way to implement a large amount of cascading roles and authorities in Spring Security?
So i’m currently refactoring the backend code for my organization to prep for future upgrades. It currently runs fine, its just that the code is getting quite messy because of the sheer amount of roles and authorizations that exist in this org. So our backend stack here is a simple springboot Rest API, we use a third party Oauth authentication
Spring Boot, OAuth2 authentication is lost between requests
EDIT: log from org.springframework.security: ***But if I look in the logs some requests after I can get the valid auth: Debug 2022-01-17 12:31:03.945 IST “Set SecurityContextHolder to SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=com..security.oauth.CustomOAuth2User@, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=***, SessionId=9438C880A19C93AADJI206B9B8B3386], Granted Authorities=[ROLE_USER, SCOPE_https://www.googleapis.com/auth/userinfo.email, SCOPE_https://www.googleapis.com/auth/userinfo.profile, SCOPE_openid]]]” Debug 2022-01-17 12:31:03.945 IST “Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=com..security.oauth.CustomOAuth2User@, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=***, SessionId=9438C880A19C93AADJI206B9B8B3386], Granted Authorities=[ROLE_USER, SCOPE_https://www.googleapis.com/auth/userinfo.email, SCOPE_https://www.googleapis.com/auth/userinfo.profile, SCOPE_openid]]]” Debug 2022-01-17
Token exchange in Spring OAuth2 client credentials flow
I have following Spring Security configuration: And following configuration is used: Now I need to do impersonation(https://datatracker.ietf.org/doc/html/rfc8693). So I need to pretend as some user. I need it because of “current user” logic inside some-app application. How can I reconfigure to achieve it ? P.S. I tried to google it but I haven’t found anything relevant. Answer RFC 8693 Token
spring security hasAuthority(“SCOPE_xxx”) method not working with spring authorization server version 0.2.0
I have created an authorization server using the new spring authorization server module. I am able to get the token successfully but when I try to use the token against a protected endpoint with hasAuthority() I get forbidden 403 error. Below my pom.xml file Below is my Authorization Server config And this is my Security Config Here is my user
Get access token using Spring Security with a specific use-case
Is this use-case supported for Spring Security 5, or something else, where we don’t have to reinvent the wheel? Thoughts on how to (re)implement this better? Details are as follows. 3rd party vendor supplied endpoints. We pull info from upstream source then forward to the downstream vendor. Only 2 APIs are required: Request Access Token Save Info Both are actually
Spring Boot HttpSecurity – @PreAuthorize – How to set AuthenticationFilter?
I am currently developing a API Authorization. So basically I have a filter JwtAuthorizationFilter. And in my RestController I want to annotate the request that should be filtered via @PreAuthorize(“hasRole(‘ADMIN’)”) for example. So my question is now: How do i have to setup the WebSecurityConfigureAdapter (or any other thing) to link the annotations with the JwtAuthorizationFilter? Thank you! Best regards
Spring Boot OAuth2.0 with Azure Authentication Error – Missing required “user name” attribute name in UserInfoEndpoint for Client Registration: azure
I am trying to login using correct credentials and I am getting following error. I have created Azure AD B2C application following spring starters described on Azure website. User created in Azure Active Directory is member of two groups test2 and test3. I have another spring application, authentication and authorization is working in that application but not in this one.
Spring 5 Oauth2 – How to provide the check token URL in my Resource server?
I need some help.. I set up an AuthorizationServer using @EnableAuthorizationServer from Spring-security-oauth2 for grant type “client_credentials”. Able to create, check tokens and everything good with this. /oauth/token /oauth/checkToken Followed this sample for Authorization server I have a separate project that has the REST APIs to be secured. I can’t use @EnableResourceServer because that project uses Spring 5.2.8 and the