oauth2-client | 基于spring boot2 Oauth2 Client sso 单点登录 | OAuth library
kandi X-RAY | oauth2-client Summary
kandi X-RAY | oauth2-client Summary
基于spring boot2 Oauth2 Client sso 单点登录
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Configures this HttpSecurity instance
- An OAuth2 user
- Configures this web security
- An OAuth2 user
- Handle refresh expired token
- Determines if the access token is expired
- Mapping of user - info - uri - uri - info - uri - info - uri
- On authentication success
- Gets list of resources
- Start the application
oauth2-client Key Features
oauth2-client Examples and Code Snippets
Community Discussions
Trending Discussions on oauth2-client
QUESTION
Finally, I get the refresh_token, by revoking from google account(aka remove the apps access through account).
Everything goes normal again, and I don't need to solve the problem as the title 'Get Google access token not through the browser'.
But why I success this time? Because this time I use curl but not thephpleague/oauth2-client way to request auth. I think there must missing some parms when I request auth via thephpleague/oauth2-client.
Here is a curl way that I get the refresh_token EVERYTIME after I revoke/remove the apps access from account.
ANSWER
Answered 2022-Mar-16 at 14:25First issue: off I think you have miss understood something about refresh tokens.
If you check the expiration page you will set this
There is currently a limit of 50 refresh tokens per Google Account per OAuth 2.0 client ID. If the limit is reached, creating a new refresh token automatically invalidates the oldest refresh token without warning. This limit does not apply to service accounts.
Yes there is a limit of 50 OUTSTANDING refresh tokens for a user. This means if I run your app and authorize it i get a refresh token back. If i run it again i get another refresh token back. I can do this 50 times and your app will have 50 outstanding refresh tokens to my account and they all will work. Once i do it the 51st time the first one will be expired.
So you can have a max of 50 out standing refresh tokens per user.
Second issue: Google does not return a new refresh token to you with every authorization request for a user. (Don't ask me why. It appears to be language specific. C# and java get a new token back every time. PHP and Python don't appear to.) Google assumes that you have stored that refresh token. I think if you do prompt=consent in the requested it will force it to return to you a new one. You can also have the user revoke your access to their app though there google account this would also trigger a new consent and return an access token and refresh token.
If prompt=consent doesn't work then go though this link and remove the apps access from your google account.
Third issue: Refresh tokens and access tokens are not interchangeable. A refresh token is used to request a new access token. an access token is used to access an api.
So by doing this
QUESTION
I am currently working on a Spring Project, which I am new to, and have no idea why this dependency I got from the maven repository will now resolve itself. I have tried to use both the separated dependency (jjwt-api, etc..) and the one pasted in my pom.xml below but it will not resolve. If anyone can help me figure this out that would great appreciated.
Spring v2.6.4 Java JDK 17 Error message: Dependency 'com.auth0:java-jwt:3.18.3' not found
...ANSWER
Answered 2022-Feb-27 at 19:10The MvnRepository page says, it's in the central repo, and the central repo link to the pom.xml of the dependency also works: https://repo1.maven.org/maven2/com/auth0/java-jwt/3.18.3/java-jwt-3.18.3.pom
So did you maybe try to resolve it once when you were offline? Failed resolving also is cached in your local maven repo, so you might have to clean that up. You can try to use
QUESTION
I have a Spring Boot (2.5) application in which I need to make a REST call to a remote system (a Solr instance where I store a denormalized view), in which I can either create or update records.
I don't really care about the response I get (and sometimes the remote system is slow to respond), so I am making an async call like this in createIndexForTicket / updateIndexForTicket :
ANSWER
Answered 2022-Mar-07 at 08:34Here's the workaround that seems to work :
declare a threadExecutor :
QUESTION
I need to get a UserDetails in servlet filter. So I'm getting it from SecurityContextHolder.getContext().getAuthentication() like this -
...ANSWER
Answered 2022-Feb-23 at 11:05this worked for me:
QUESTION
I have a super simple Spring Boot app with Spring Security 5 that authenticates over OAuth2 with a Keycloak 17 instance running in Docker.
Everything works fine when I start the app locally from Intellij.
But when I run the app from a Docker container with docker-compose I get:
[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: I/O error on POST request for "http://localhost:80/realms/Demo/protocol/openid-connect/token": Connection refused (Connection refused); nested exception is java.net.ConnectException: Connection refused (Connection refused)
when I input the credentials on the keycloak login page. But there is a session created for that user in keycloak.
System:
- MacBook with Monteray 12.0.1
- Docker Desktop 4.5 with Kubernetes 1.22.5
docker-compose.yml
...ANSWER
Answered 2022-Feb-22 at 14:58It's working now. I added a reverse-proxy and changed the ports of the provider urls to the internal docker port.
QUESTION
I am developing a client application for client_credentials grant type flow in OAUTH2.
I am not able to decide on which dependency to use in my project for this purpose among the following.
- spring-boot-starter-oauth2-client
- spring-cloud-starter-oauth2
- spring-security-oauth2
I referred this documentation from spring-projects in which under client-support section it had a table describing the available options. But I am not able to understand which column is referring to which of the above dependencies.
I want to configure a WebClient or RestTemplate which retrieves the OAUTH2 token from the auth-server automatically before accessing a resource-server.
Please guide me in choosing the right artifact for my project.
...ANSWER
Answered 2022-Feb-11 at 16:54If you are using Spring Boot you should choose org.springframework.boot:spring-boot-starter-oauth2-client.
This includes Spring Security's OAuth 2.0 Client support and provides Spring Boot auto-configuration to set up OAuth2/Open ID Connect clients.
You can read about how to configure client in the Spring Boot reference documentation.
You can also find additional details in the Spring Security reference documentation.
If you are not using Spring Boot then you should choose org.springframework.security:spring-security-oauth2-client. This also provides Spring Security's latest OAuth 2.0 Client support, but does not include the Spring Boot auto-configuration.
The corresponding documentation is also the Spring Security reference documentation.
The third dependency you mentioned org.springframework.security.oauth:spring-security-oauth2 should not be used because it is part of the legacy Spring Security OAuth project, which is now deprecated.
The functionality that this library provided has now been moved into Spring Security.
That is what the Migration Guide describes, the migration from the legacy project to the latest Spring Security support.
You should not use the org.springframework.cloud:spring-cloud-starter-oauth2 at this time, because it relies on the legacy OAuth support.
This is likely to change in the future, as the Spring Cloud team updates to the latest Spring Security support.
QUESTION
Sorry if this is off-topic but I haven't been able to find any information on it anywhere else. I'm trying to create an application registration that will allow a batch process to access the Azure REST API on my behalf.
Normally, this is pretty simple: just create the user, give it API permissions to what you need, add a secret and then insert the tenant ID, application ID and secret into a request against the /token endpoint, as described here.
I have done that and gotten the access token but, when I try to get all the billing accounts associated with the enterprise agreement, by calling https://management.azure.com/providers/Microsoft.Billing/billingAccounts?api-version=2020-05-01 I get no information back. Also, when I try to access a particular billing account back, by calling https://management.azure.com/providers/Microsoft.Billing/billingAccounts/{account_id}?api-version=2020-05-01, I get the following error and a 403 response code:
ANSWER
Answered 2022-Feb-07 at 08:54The application registration should have any of the below roles to access the billing accounts information:
- Service Administrator
- Co-administrator
- Owner
- Contributor
- Reader
- Billing reader
You can assign any of the above roles from the Access Control (IAM) to the application registration
QUESTION
I have created my authorization server using org.springframework.security:spring-security-oauth2-authorization-server:0.2.2 and my client using org.springframework.boot:spring-boot-starter-oauth2-client. The users are able to sign in and out successfully, however, while testing I noticed that if I log in successfully then restart the client (but not the server) without signing out and try to login in again the server throws the following error in an endless loop of redirects
ANSWER
Answered 2022-Feb-05 at 14:37After trying out different solutions this was how I was able to solve it.
I changed my OAuth2AuthorizationService bean to look like this.
QUESTION
ANSWER
Answered 2022-Jan-27 at 11:29The problem was occurring because the default authentication manager wasn't working for me, I had to implement one specifically for my problem.
QUESTION
i am using the following depdendencies
...ANSWER
Answered 2022-Jan-15 at 01:34i figured out the issue, the default behaviour for spring oauth2 client is to redirect to the protected resource, in my case i restricted /foo/login endpoint but started the authentication from /login endpoint, that was the reason spring didnt redirect to the protected resource.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install oauth2-client
You can use oauth2-client like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the oauth2-client component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
