oauth-server | authorized authentication center of the choerodon | Authentication library

The autoloader is not configured properly:

According to the Authlib documentation, there is a built-in approach to this problem. Thanks @lepture for pointing this out in the comments.

We can extend a built-in IntrospectTokenValidator to implement our validator.

Requiring both "symfony/symfony": "^2.8.*" and "symfony/console": "^3.0" does not work, as symfony/console is a component that is also part of symfony/symfony. You need to get rid of one of this requirements.

If you face any further problems, please share the error message occurring after this first fix

Well the correct term is that @EnableAuthorizationServer is in maintenance mode which basically means deprecated. As in there will be no added features or updates.

The story goes basically as follows.

During Spring 4 i believe there was a single person that maintained the oauth2 part of spring security. When Spring security 5 was launched the team at pivotal decided to do a major overhaul of spring security and the oauth2 parts. So what they did was to drop Authorisation server support, and instead focus on the Resource server support at first.

Spring announcement of dropping Authorisation server support

You have pulled in spring-cloud-starter-oauth2 which in turn har a peer dependency on spring-security-oauth2-autoconfigure which in turn pulls in spring-security-oauth2.

Here Spring clearly states that if you wish to use spring-security-oauth2 they will help you out, but it is in maintenance mode.

The choice to not support it was made because an authorization server is like owning a product. Spring doesn't maintain their own database, or own Ldap server etc. There are plenty of auth servers out there that can be used, okta, curity, github, fb, google, etc, etc.

But Spring has actually reevaluated that choice and decided to start a community developed open source authorisation server

So you have 3 choices:

• use the old, that is in maintenance mode
• use a 3rd party vendor, github, fb, google, okta, curity etc.
• try out the new open source authorisation server

Your problem doesn't solve yet. Look https://issues.apache.org/jira/browse/NIFI-7421

Finally I found the solution.

So, following the migration from Symfony 2.8 to symfony 3.4, you have to move the bootstrap.php.cache file from the "app" folder to the "var" folder and so, you have to modify the path of this file in the phpunit.xml configuration.

I fixed it by adding a resolver, my-maven, with https root and add it to the chain. It should also work if I change the root of the central resolver.

So, I found a solution: https://github.com/cryptearth/YouTubeLiveChat/commit/b1ce15400688b6907600b006463ce538132bd807 It boils down to two things I didn't understand until now:

1. The Credential.Builder works fine with just give "null" as the client-secret.
2. The AuthorizationCodeFlow doesn't need a DataStoreFactory.

So, when not setting a DataStoreFactory for the AuthorizationCodeFlow the Credential gets created, but just not stored anywhere (in the source there's a simple if(null) to check for if a DataStoreFactory was set). This also the client id doesn't really matter as there's no risk that another thread could access the newly created Credential. As AccessTokens only have a limited validity (about an hour) I didn't test what happens when the client runs for longer than this, but as the doc hints there're internal checks so I guess it would try to refresh itself - which would fail. Or, if the refresh didn't happen the next call will fail just with an 401 - Unauthorized reply from Google. So by disable the auto-refresh mechanism I guess I have to somehow check it myself and let a refresh happen on the server at the right timing. To refresh I just sent the refresh token to the server wich then respond with a new access token and the new lifetime of it. So, the server doesn't have to store anything and the client only the refresh token - DONE! Re-Implement the auto-refresh stuff could be done dirty by abusing the Exception caused by the 401 reply after the validity ran out - would work but is considered bad code style - have to figure out how to write it somewhat not-bad.

About hitting the 10k limit in 5min: I set the timeout to 10sec - gave me about 2h30m on a test - still not enough for my own daily streams - and if I would share it I had to lengthen the timeout even further. So, if 10sec get me 2h30m I would need a poll timeout of 100sec to get about 24h - for one uses(!) - that's 1m40s - multiplied by the number of users. Guess I would have to make a proper project page and somehow had to increase my max quota ... but that's a story for another day.

Question solved - project dev paused.