3,137 questions
-2
votes
1
answer
779
views
How to authenticate resource owner with JWT token on Spring Authorization Server for requests to /oauth2/authorize?
I'm migrating from spring-boot 2.7.18 to 3.3.3 and moving from
spring-security-oauth2 to spring-boot-starter-oauth2-authorization-server
UPDATE:
My usecase:
I have gateway service which is sitting ...
- 19
0
votes
0
answers
295
views
Spring Authorization Server requirements
We have a project that uses the deprecated Spring Security OAuth module.
We also use Spring v5, Spring Boot v2 and Tomcat v9. Java version is 17.
From what I have found the new Spring Authorization ...
- 1
0
votes
0
answers
596
views
Handling Deprecated AuthorizationServerConfigurerAdapter in Spring Security OAuth
I'm currently working on implementing an Authorization Server using Spring Security OAuth. While configuring the OAuth server, I've encountered that the AuthorizationServerConfigurerAdapter class ...
- 1
1
vote
0
answers
105
views
How to enable oAuth2 resource server feature in spring boot 2.0.5.RELEASE?
I want to integrate oAuth2 resource server feature in my spring boot 2.0.5.RELEASE application in order to protect api access with valid token issued by my authorization server keycloak.
Then to ...
- 13
0
votes
1
answer
462
views
Multitenancy next level
This question is about Spring-Security and Multitenancy.
I'm facing a challenge to implement a multitenancy oAuth2-Security for customers who use JWT tokens with realm roles and other without.
So far ...
- 1,403
0
votes
1
answer
2k
views
When new tokens are get in Keycloak, previous sessions are not closed
A new session is created every time I get tokens from Keycloak. Every time I get a token, I want the previous sessions to be closed. I have not seen such a service on the Keycloak side. What method ...
- 902
0
votes
1
answer
246
views
There is no client authentication. Try adding an appropriate authentication filter
I got error when I got token0
Handling error: InsufficientAuthenticationException, There is no client authentication. Try adding an appropriate authentication filter.
I can get the code from http://...
- 1
1
vote
0
answers
467
views
Alternative for DefaultTokenServices in spring security 6
I am doing migration of oauth2 from spring security 4.0.1 to 6.0.1 and found that DefaultTokenServices has been removed in spring security 6
We were previously autowiring of DefaultTokenServices as ...
- 11
0
votes
1
answer
1k
views
How to Migrate Spring security from 3.1.2 to 6
Existing Spring Boot project spring-boot-starter-parent version 1.5.3.RELEASE and spring-boot-starter-security version 3.1.2
I am upgrading the project from jdk 8 to jdk 21,
Spring Boot to 3.1.4 and ...
- 35
1
vote
1
answer
4k
views
How to use OAuth 2.0 for security purpose when its deprecated in Spring Boot?
I have a Spring Boot application. Spring Boot 3 and Java 17. I want to use OAuth 2.0 for security purpose. I checked a few articles. It states that OAuth 2.0 is deprecated. Can anyone suggest how to ...
- 11
0
votes
1
answer
859
views
Spring Security OAuth resourceserver can only configure itself through the issuer-uri
I am using docker to deploy an application with:
an nginx container terminating SSL
a Keycloak container
a Spring Boot OAuth resource server.
I have the following configuration:
security:
...
- 552
0
votes
0
answers
113
views
Trying to get OAuth2 token from Azure server from Java
Hi have these below details which are working fine from Postman but I need to retrieve the Oauth2 token from Java.
ClientId : clientid-abcd-bcda-xxxx-bbbbc-bbbbsjhk
clientsecret: client-secret-xxxx-...
- 39
1
vote
3
answers
5k
views
Spring OAuth2 Client - authorization code exchange fails
Suppose we have a confidential OAuth2 Client performing authorization against the Authorization Server using authorization code grant type.
Here's a minimal reproducible example.
Client application is ...
- 41
1
vote
0
answers
923
views
Issue with using org.springframework.security.oauth:spring-security-oauth2 Java SDK while migrating from Spring 5 to Spring 6
We plan to migrate to Spring 6 from Spring 5 and were using spring-security-oauth2:2.5.1 library.
Now with Spring 6, since we need to use Jakarta namespace and spring-security-oauth2 latest 2.5.2 ...
1
vote
1
answer
2k
views
Oauth2: request custom claims on requesting access token
Is it possible to add custom claims into an access token at the moment of requesting that?
I mean, by default authorization server adds its claims, but in mu case, I'd like request an access token ...
- 23.6k
-2
votes
1
answer
587
views
Roles based authorization using JWT token with Roles without verifying the token
I am getting a JWT token to the java back-end from the UI which contains "roles" in it. I am trying to implement role based authorization(secure the Rest APIs) using spring security using ...
- 57
1
vote
1
answer
1k
views
Spring in Kotlin, JWT Token encoded with base64url
I'm trying to create a JWT token with NimbusJwtEncoder, and I'm getting a token correctly. but each time i verify it on jwt.io it says that the signature is invalid, because it is not encoded ...
- 657
0
votes
1
answer
247
views
NullPointerException at JBossServerAuthConfig.getAuthContext line 108
I'm using Spring Boot 2.7.9 to create a website along with Spring OAuth2 and Google Auth. When I try to access the site, I'm getting the above error. I've traced it back a bit, but would like to hear ...
- 5,014
0
votes
1
answer
536
views
Spring Resttemplate with multiple Proxy host
I have to call an api which is only accessible via bunch of proxy server(set of servers are deployed and anyone can be active at give point of time ) . I am using following code to set the proxy to ...
- 79
1
vote
1
answer
1k
views
Spring Boot OAuth2 authentication with Google failing due to missing client_secret
I'm trying to implement OAuth2 authentication with Google in my Spring Boot Angular application, but I'm getting an "invalid_request" error with the message "client_secret is missing&...
- 11
2
votes
0
answers
2k
views
How to replace OAuth2 in Spring Boot 3?
I have read a lot about this topic but I have not found a solution to whether to replace what was used or create new methods or if there is a new dependency that can help me, referring to the ...
- 43
1
vote
1
answer
777
views
Spring Authorization Server use additional parameters from authorization request for login
So basically, what I want is that following request:
http://127.0.0.1:9000/oauth2/authorize?response_type=code&client_id=test-client&redirect_uri=http://127.0.0.1:8080/authorized&scope=...
- 159
0
votes
1
answer
779
views
How to append custom request header during Authorization endpoint call in Spring Boot OpenID Connect
I'm using spring 5.3.25. The Identity Provider implemented a security in authorization and token endpoint in OIDC such that the endpoints are expecting a certain request header value from the OIDC ...
1
vote
3
answers
896
views
Keycloak and SpringBoot
I started playing with Keycloak, but I have a question. While reading articles, I always found examples where a client (let's say Angular) is logging in on Keycloak, it gets a bearer and then it send ...
- 3
0
votes
1
answer
348
views
Keycloak: resource rolebased acccess management
Input data:
eureka (localhost:8761)
spring boot cloud gateway service with keycloak (localhost:8765)
developer resource service (localhost:8082)
kecloak (localhost:8080)
Keycloak:
created realm
...
- 7