问题
I just want to know if there is any way to skip User approval screen in Spring Boot - Spring Security OAuth2. I heard about custom user approval handler but I am quite not sure how to override it to disable user approval process and do a direct redirect.
Thanks
回答1:
You don't need a custom handler to skip approval (since 2.0 anyway). You just set the autoApprove flag in the client details to "true" (or a list of scope patterns to auto approve).
回答2:
This is how I changed it in my JHipster application:
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient(jhipsterProperties.getSecurity().getAuthentication().getOauth().getClientid())
.autoApprove(true)
.scopes("read", "write")
.authorities(AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)
.authorizedGrantTypes("password", "refresh_token")
.secret(jhipsterProperties.getSecurity().getAuthentication().getOauth().getSecret())
.accessTokenValiditySeconds(jhipsterProperties.getSecurity().getAuthentication().getOauth().getTokenValidityInSeconds());
}
回答3:
set property auto-approve-scopes: '.*' in application.yml
security:
oauth2:
client:
client-id: acme
client-secret: acmesecret
scope: read,write
auto-approve-scopes: '.*'
seee also https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_authserver
来源:https://stackoverflow.com/questions/29696004/skip-oauth-user-approval-in-spring-boot-oauth2