Spring Security OAuth2 Resource Server Always Returning Invalid Token

Backend · Unresolved · 3 · 1034
温柔的废话 2020-12-08 01:42

I am trying to get a basic in-memory OAuth2 server running using the Spring Libraries. I have been following the sparklr example.

I currently have configured the Ser

3 replies
  •  一生所求
    2020-12-08 01:52

    Your step #6 is wrong - the access token should not be sent in the URL, as it is vulnerable this way. Rather than GET, use POST.

    Besides, I don't understand your step #1 - why do you call /oauth/authorize? It should be done implicitly when you try to get a protected resource. I mean, your flow should start with:

    Attempt to access a restricted resource using the access_token: http://localhost:8080/server/me

    Then the negotiation will start "behind the scenes": a redirect to "/oauth/authorize" etc.

    In addition, in step #8, note that you are not asking for "another access token"; instead it is a request for a "refresh token", as if your access token had expired.

    Note: The identity provider and the resource server should share the tokenStore! Read here: Spring Security OAuth2 pure resource server

    HTH
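The shared-tokenStore point from the reply above, as an added example that is not code from the question, the reply or the sparklr sample: a single `InMemoryTokenStore` bean is injected into both the authorization server and the resource server configuration, so a token issued by `/oauth/token` is the same object the resource server validates. It assumes the legacy spring-security-oauth2 2.x API this thread is about, a Spring Boot 2 password encoder (hence the `{noop}` prefix), and placeholder values for the client id, secret and redirect URI; the user-login (`WebSecurityConfigurerAdapter`) part needed for `/oauth/authorize` is omitted.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.*;
import org.springframework.security.oauth2.config.annotation.web.configurers.*;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

@Configuration
class TokenStoreConfig {
    // The ONE store both halves use. Two separate InMemoryTokenStore instances
    // would make every issued token unknown to the resource server ("invalid_token").
    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }
}

@Configuration
@EnableAuthorizationServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
    private final TokenStore tokenStore;
    AuthServerConfig(TokenStore tokenStore) { this.tokenStore = tokenStore; }
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("demo-client")                              // placeholder id
            .secret("{noop}demo-secret")                            // placeholder secret
            .authorizedGrantTypes("authorization_code", "refresh_token")
            .redirectUris("http://localhost:8080/client/callback")  // placeholder
            .scopes("read");
    }
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(tokenStore);   // tokens are written into the shared store
    }
}

@Configuration
@EnableResourceServer
class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    private final TokenStore tokenStore;
    ResourceServerConfig(TokenStore tokenStore) { this.tokenStore = tokenStore; }
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.tokenStore(tokenStore);   // ...and validated against that same store
    }
}
```

With this in place, a client calls the protected resource with the token in an `Authorization: Bearer <token>` header rather than in the URL.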
