Spring OAuth + JWT -- /oauth/token

Question

I'm trying to configure my spring application to use JWT using https://github.com/spring-projects/spring-security-oauth. I've exposed a bean for ConsumerTokenServices backed by a JwtTokenStore, but hitting /oauth/token doesn't give me a JWT.

$ curl localhost:8643/contextpath/oauth/token?grant_type=client_credentials -u user:password` {"access_token":"a78a6225-78d5-4cb8-9393-6c0b567a6f24","token_type":"bearer","expires_in":5684,"scope":"read write"}%

I know that the TokenStore is being used, because hitting check_token produces an error, where it didn't before.

$ curl https://localhost:8643/context/oauth/check_token?token=a78a6225-78d5-4cb8-9393-6c0b567a6f24 {"error":"invalid_token","error_description":"Cannot convert access token to JSON"}%

How do I make my TokenEndpoint spit back a JWT?

Did you try making a sample app with Spring Boot 1.3? It does come with auto support for OAuth2, see spring.io/blog/2015/11/16/spring-boot-1-3-0-released. I would try to build a sample app and then to look at github.com/spring-projects/spring-boot/blob/master/… and github.com/dynamind/spring-boot-security-oauth2-minimal. Another good blog series is spring.io/blog/2015/02/03/… — ChrLipp
– ChrLipp, Commented Nov 21, 2015 at 12:59

jacob · Accepted Answer · 2017-02-22 09:26:39Z

Maybe you should use JwtAccessTokenConverter provided by spring and then properly configured. Here is an example:

public class YourTokenEnhancer extends JwtAccessTokenConverter {

//you can autowire sth for you logic

@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,
                                 OAuth2Authentication authentication) {
    DefaultOAuth2AccessToken customAccessToken = new DefaultOAuth2AccessToken(accessToken);

    OAuth2AccessToken enhancedToken = super.enhance(customAccessToken, authentication);
    return enhancedToken;
}

And the configuration is:

 @Configuration
 @EnableAuthorizationServer
 public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
 //other config...
 @Bean
 public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new YourTokenEnhancer();
    converter.setSigningKey("secret");
    return converter;
 }

 @Override
 public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

    endpoints.authenticationManager(authenticationManager)
            .tokenStore(redisTokenStore())
            .tokenServices(authorizationServerTokenServices())
            .accessTokenConverter(accessTokenConverter())//configure it here
            ;
 }
}

Collectives™ on Stack Overflow

Spring OAuth + JWT -- /oauth/token

1 Answer 1

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Related