oauthserver | 使用oauth2.0写的简单的client和认证Server , 使用了 @ EnableOAuth2Sso注解来模拟单点登陆

I set up an Authorization Service with Spring Security and Oauth2. Everything worked fine until i tried to customize the login page. If I login at my custom login page it redirects back to the login page and not to the callback url.

GET /login -> POST /login -> GET /login

I'm trying to follow this tutorial in order to get oauth working.

But when I try to make the below request

I'm trying to secure my rest api with authorization code flow, but i don't understand why i'm getting the message:

So, here is what I am trying to achieve:

• A Jupyterhub server
• Which when accessed and you are not logged in, takes you to another web server (custom coded in Django)
• That web server uses OAuth to authenticate a user
• And a notebook container is spawned.
• This notebook container must be pre-populated with a token that is used by a custom library baked into the notebook Docker image to authenticate against a service.
• The notebook container needs to be able to communicate with the web server for further interactions like retrieve results etc.

I have more or less achieved this except for the last part. I am getting a notebook server started but it has no access to the outside world. It can only access the Jupyter Hub (that's why it works!) and nothing else.

Here is my Jupyter Hub config relevant to the DockerSpawner (I'm leaving out the OAuth settings since these work as expected.

I am using spring boot oauth, while doing authorization I am not able to validate my credentials even if I used inMemory.

My authorization server:

Hello guys

I need some help in my problem. I can get token from my authorization server.

**That server using Oracle database.

For example

grant_type = client_credentials

clientId = curlclient

clientSecret = test

http://localhost:8885/oauth/token

After, I try to access resource server by the using result access token. But I can't.

Result is:

I had Oauth implemented in Spring Boot 1.5.7 but when I switched to 2 it showed me error "java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null".

From some research, I found that this may be an issue about password storage and password encoding.

What I've tried - I tried encoding the client secret in the authorization server file but that doesn't do anything and the error remains.

I've also tried saving the password with {bcrypt} as a prefix as spring security 5 looks for ann {id} during the password search.

I'm not able to fetch the access token and the above error doesn't go. Can someone help me figure this out? I've read and implemented almost everything and it doesn't seem to work.

Update: I was able to solve the above error by saving the password with {bcrypt} format. Similarly applying passwordEncoder in other required places.

Issue: I'm now facing an error with bad credentials. I've debugged and figured that its not getting the username we're trying to pass in the api and receiving null parameter. The flow reaches the userDetailservice but with an epmty parameter. I've attached my UserDetailsService along with this.

SecurityConfig.java

I have two microservices, the first for OAuth2 and the second for API. When I log in from the browser, everything works fine, authorization passes and redirection to my API works. But when I try to do it through Postman, I don’t get access to API.

Please see this link, I've copied a lot of code from this https://www.baeldung.com/sso-spring-security-oauth2

Tech stack: Java 8, Spring Boot, Spring Web, Spring Security, OAuth2.

I tried to use different configs and many options, but so far I have returned the code to the outgoing state so that you can tell me what could be the error.

auth module:

I have a spring boot oauth2 server that uses a JDBC implementation. It is configured as an authorization server with @EnableAuthorizationServer.

I'd like to scale that application horyzontally but it doesn't seem to work properly.

I can connect only if I have one instance (pods) of the server.

I use autorisation_code_client grant from another client service to get the token. So first the client service redirect the user to the oauth2 server form, then once the user is authenticated he is supposed to be redirect to the client-service with a code attached to the url, finally the client use that code to request the oauth2 server again and obtain the token.

Here the user is not redirected at all if I have several instance of the oauth2-server. With one instance it works well.

When I check the log of the two instances in real time, I can see that the authentication works on one of them. I don't have any specific error the user is just not redirected.

Is there a way to configure the oauth2-server to be stateless or other way to fix that issue ?

Here is my configuration, the AuthorizationServerConfigurerAdapter implementation.