spring-security-oauth | adding OAuth1 and OAuth2 features | OAuth library

I have the following issue where the user log in succeeds but continuously loops through a series of redirects until the browser shows: "The page isn’t redirecting properly".

I've set up my project following this Baeldung one using Spring Security 5 - Authorization Server: https://github.com/Baeldung/spring-security-oauth/tree/master/oauth-authorization-server

The redirect loop looks like this:

• http://auth-server:9000/oauth2/authorize?response_type=code...
• http://127.0.0.1:9090/login/oauth2/code/product-client-oidc?code=... (this is the client server, the documentation suggests that the redirect /login/oauth/code is the default redirect link when successfully authenticating, so the user authentication works)
• http://127.0.0.1:9090/oauth2/authorization/product-client-oidc?error (no actual error value is sent though)

No other errors or info are shown in the logs.

Through a series of eliminations I've figured that the problem might be my implementation of the user details service, because if I eliminate it and set the Baeldung one if works. Here's my implementation:

I am using

I want to implement security on my Spring cloud gateway server by making it an oAuth2 resource server. The requests are getting authenticated against my spring security authorization server. For some requests I want to pass the userId of the authenticated user as a request header to my downstream services.

Here's my route:

In my project i have an angular app where i use https://github.com/manfredsteyer/angular-oauth2-oidc and a SpringBoot backend. In the UI i copied most of the Stuff from here https://github.com/jeroenheijmans/sample-angular-oauth2-oidc-with-auth-guards.

My Code works with https://demo.identityserver.io and with a local Keycloak.

I only have to change the only:

• spring.security.oauth2.resourceserver.jwt.jwk-set-uri (in the Backend)
• In the frontend "issuer: 'http://localhost:8080/realms/master'," to fit to the corresponding server

My "Dream" would be to use the spring-authorization-server. In my app i can create User dynamicly, and there for i need to be able to add this user to the authorization-server with a REST call. As fare as i understand, the spring-authorization-server code that should be ease to extend.

I copied over the spring-authorization-server code from https://www.baeldung.com/spring-security-oauth-auth-server with the base spring-authorization-server version: 0.2.0. The Server starts and my App does the Redirect to the LoginPage. When it comes back from the spring-authorization-server the angular UI OIDC code detect a problem with the "Nonce", sometimes is missing, sometimes it does not match. Unfortunately i was not able to find the reason for that behaviour :-( As my code works with the other two implementations, i suspect either a misconfiguration or a bug in the spring-authorization-server.

The documentation on spring-authorization-server is pretty slim.

Question: Does somebody know a place where a spring-authorization-server is used with a web client an OpenId Connect?

2.3.2022 Update: I open a Issue at the spring-authorization-server https://github.com/spring-projects/spring-authorization-server/issues/640 I hope this will bring some more info.

Best Regards T

I am new to springboot and trying to upgrade from 2.3.8.RELEASE to 2.4.0 and my test cases are failing. I am getting these error:

I have googled the depths of the internet, but can't find a decent answer to this anywhere. How can I access the claims within a JWT in a spring service?

We have a standalone authentication service that issues a JWT. I am building a separate spring service that needs to use this Jwt. I have the public key of the private key that was used to sign the JWT and have pieced together enough tutorials to be able to verify the JWT (with the public key) and allow access to the controllers I want.

In my service, I now need to extract the userId ​claim in the JWT (among others) so that I can call my DB with it, etc.

https://www.baeldung.com/spring-security-oauth-jwt (Section 5.1) seemed to be the most relevant search result:

I have a Spring Boot (2.5) application in which I need to make a REST call to a remote system (a Solr instance where I store a denormalized view), in which I can either create or update records.

I don't really care about the response I get (and sometimes the remote system is slow to respond), so I am making an async call like this in createIndexForTicket / updateIndexForTicket :

I have a SystemTest. This means, i start all my Applications and access them only by doing REST calls. I also create for every Test a new User.

Now i have to add Security to my Application. This will be "OpenId Connect". Currently nothing is implemented. As there are many Tutorials, i thinks the implementation will be "easy". But I am not sure how to handle my SystemTest.

I think one solution could be using the https://github.com/spring-projects/spring-authorization-server/releases/tag/0.2.0. See also https://www.baeldung.com/spring-security-oauth-auth-server#authServerImplementation

My resource server will have only this configuration

When using simple spring boot configuration with normal spring parent in pom.xml I have no problem configuring oauth2 resource server.

However with JHipster dependency management by no means i can configure it. I was trying to do it just by adding