spring-security-oauth2

Is it possible to set a default login successurl for a Spring Oauth2 Sso service? Following szenario browser reqeuests index.html sso service: Not protected ==> return the index.html index.html contains manifest attribute ==> browser requests the manifest sso service: Manifest is protected ==> returns 401 client redirects to ${sso.host}/login sso service redirects to auth server authentication ==> redirects back to ${sso.host}/login with the code in the query-String sso service: requests token and redirects to the manifest file Is there a way to NOT redirect to the last requested resource

I have separate authorization server and resource server. Authorization server is pointing to a separate database. I haves used CustomUserDetailService for user related information. I have used CustomTokenEnhancer to have additional information apart from the token in the response. @Configuration public class OAuth2Configuration { @Configuration @EnableAuthorizationServer protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter implements EnvironmentAware { private static final String ENV_OAUTH = "authentication.oauth."; private static final String

We have implemented a server API using spring-oauth2. I have noticed that the server generates the same token per user/client id combination even when calling from separate devices. This causes an issue as my clients can run multiple instances: e.g. android and ios apps. I need a way to link the token to a specific instance and not re-use the same token. An example where this is required is for GCM (or push notification) where the API needs to know which instance it is communicating with. This is my current spring config: <http pattern="/oauth/token" create-session="stateless" authentication

We're currently using the Spring OAuth Authorization Server but currently do not use the "scope" parameter from the OAuth specification. This has been a bit of a pain point as the Spring OAuth Authorization Server requires that scope be explicitly required when requesting an authorization code. From DefaultOAuth2RequestValidator : if (requestScopes.isEmpty()) { throw new InvalidScopeException("Empty scope (either the client or the user is not allowed the requested scopes)"); } This however goes directly against the OAuth 2.0 specification: 4.1.1. Authorization Request The client constructs the

I created an authentication server and resource server, both are working ok, the only problem is with refresh token, I would like it to change after calling POST /oauth/token with grant_type=refresh_token , however, spring returns same refresh token. I am wondering if there is a way to get a new refresh token when calling oauth endpoint to refresh access token? By taking a look at refreshAccessToken method in the DefaultTokenServices class: public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenRequest tokenRequest) { // Omitted if (!reuseRefreshToken) { tokenStore

We have a dedicated authorization server extending AuthorizationServerConfigurerAdapter, where we have set authorities overriding void configure(ClientDetailsServiceConfigurer clients) method. @Configuration @EnableAuthorizationServer protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter { @Value('${oauth.clientId}') private String clientId @Value('${oauth.secret:}') private String secret @Value('${oauth.resourceId}') private String resourceId @Autowired @Qualifier('authenticationManagerBean') private AuthenticationManager authenticationManager @Bean public

I have a fairly basic setup in my Spring Boot project. I'm trying to set up OAuth2 to protect my API but I'm running into issues with my /oauth/token end point. Making either a POST or GET request to my /oauth/token end point results in the following response (With a 401 Unauthorized status code): { "timestamp": "2018-09-17T16:46:59.961+0000", "status": 401, "error": "Unauthorized", "message": "Unauthorized", "path": "/oauth/token" } This is my Authorization server configuration. import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation

I was using Spring Boot 1.4.0 with Spring OAuth2. When I requested a token, the server response was: { "access_token": "93f8693a-22d2-4139-a4ea-d787f2630f04", "token_type": "bearer", "refresh_token": "2800ea24-bb4a-4a01-ba87-2d114c1a2235", "expires_in": 899, "scope": "read write" } When I updated my project to Spring Boot 1.4.1, the server response became { "error": "invalid_client", "error_description": "Bad client credentials" } What was changed from version 1.4.0 to 1.4.1 ? And what should I do to make my request work again? EDIT WebSecurityConfiguration: @Configuration @EnableWebSecurity