Spring Security Oauth2 Password JPA Implementation

https://github.com/patternknife/spring-security-oauth2-password-jpa-implementation


This content originally appeared on DEV Community and was authored by Andrew Kang-G


  • Complete separation of the library (API) from the client that tests it. Maven coordinates of the library:

    groupId: io.github.patternknife.securityhelper.oauth2.api
    artifactId: spring-security-oauth2-password-jpa-implementation
    version: 2.4.0

  • The same access-token and refresh-token APIs are set up both on /oauth2/token and on the controller layer, for example /api/v1/traditional-oauth/token. Both behave identically and use the same request and response payloads for success and for errors.

    • /oauth2/token is the endpoint provided by spring-authorization-server.
    • /api/v1/traditional-oauth/token is implemented manually by this library.

Success Payload
{
  "access_token" : "Vd4x8D4lDg7VBFh...",
  "token_type" : "Bearer",
  "refresh_token" : "m3UgLrvPtXKdy7jiD...",
  "expires_in" : 3469,
  "scope" : "read write"
}
Error Payload
{
  "timestamp": 1719470948370,
  "message": "Couldn't find the client ID : client_admin",
  "details": "uri=/oauth2/token",
  "userMessage": "Authentication failed. Please check your credentials.",
  "userValidationMessage": null
}

  • In the error payload above, 'message' carries internal detail (the text of the thrown exception, which can include sensitive information such as stack-trace content or, as here, whether a given client ID exists). It should not be exposed to clients; only 'userMessage' should be returned to them.

  • Authentication management is based on the combination of username, client ID, and App-Token.

    • What is an App-Token? An App-Token is an additional identifier sent at login together with the username and client ID. Each login of the same account with a different App-Token value is issued a new access token; logins that present the same App-Token value share the existing access token.
  • Separate UserDetails implementations for the Admin and Customer roles are provided as an example. (This can be extended as desired by implementing UserDetailsServiceFactory.)

  • Provides MySQL DDL for the oauth_access_token, oauth_refresh_token and oauth_client_details tables, which are the table names used by Spring Security OAuth 5. Because the intent is to migrate an existing Security 5 system to Security 6, they have not yet been changed to the authorization tables indicated in https://github.com/spring-projects/spring-authorization-server.

  • Application of Spring REST Docs.
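As an added example (not the library's own code), the following plain-Java sketch shows how the error payload above can be kept in two forms: an internal record that holds the exception text for logging, and the client-facing copy in which 'message' is blanked and only 'userMessage' is sent. Java is used because it is the project's language. The AuthFailure exception, the Reason enum, the method names and the hand-rolled JSON writer are assumptions made for this illustration; the five field names match the payload shown on the page.

```java
public class AuthErrorPayload {

    /** Internal failure categories (names assumed for this example). */
    public enum Reason { UNKNOWN_CLIENT, UNKNOWN_USER, BAD_PASSWORD, LOCKED }

    /** Hypothetical exception carrying the specific, internal cause text. */
    public static class AuthFailure extends RuntimeException {
        public final Reason reason;
        public AuthFailure(Reason reason, String internalDetail) {
            super(internalDetail);
            this.reason = reason;
        }
    }

    /** Same five fields as the error payload shown above. */
    public record ErrorBody(long timestamp, String message, String details,
                            String userMessage, String userValidationMessage) {}

    /** Unknown client, unknown user and wrong password share one generic text,
     *  so the response does not tell a caller which of the three was wrong. */
    public static String userMessageFor(Reason reason) {
        return switch (reason) {
            case LOCKED -> "Account is locked. Please contact support.";
            case UNKNOWN_CLIENT, UNKNOWN_USER, BAD_PASSWORD ->
                "Authentication failed. Please check your credentials.";
        };
    }

    /** Server-side record: keeps the exception text in 'message' for logs and alerting. */
    public static ErrorBody internal(AuthFailure e, String uri, long timestamp) {
        return new ErrorBody(timestamp, e.getMessage(), "uri=" + uri,
                             userMessageFor(e.reason), null);
    }

    /** Client-facing copy: identical shape, but the internal 'message' never leaves the server. */
    public static ErrorBody forClient(ErrorBody internal) {
        return new ErrorBody(internal.timestamp(), null, internal.details(),
                             internal.userMessage(), internal.userValidationMessage());
    }

    private static String quote(String s) {
        if (s == null) return "null";
        return "\"" + s.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    /** Minimal JSON writer so the example runs without Jackson. */
    public static String toJson(ErrorBody b) {
        return "{\"timestamp\":" + b.timestamp()
             + ",\"message\":" + quote(b.message())
             + ",\"details\":" + quote(b.details())
             + ",\"userMessage\":" + quote(b.userMessage())
             + ",\"userValidationMessage\":" + quote(b.userValidationMessage()) + "}";
    }

    public static void main(String[] args) {
        // Constructed input: the same failure as in the payload above.
        AuthFailure e = new AuthFailure(Reason.UNKNOWN_CLIENT,
                                        "Couldn't find the client ID : client_admin");
        ErrorBody internal = internal(e, "/oauth2/token", 1719470948370L);

        System.out.println("log line : " + toJson(internal));           // internal cause retained
        System.out.println("response : " + toJson(forClient(internal))); // generic text only
    }
}
```

In a Spring application the forClient step belongs in the @ExceptionHandler (for example in a @RestControllerAdvice) that renders the response, with the internal record going to the log. The 'details' field only echoes the request path, so it is safe to keep in the client copy; it is the exception text that must stay server-side.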
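As an added example (not the library's code, which persists tokens in the oauth_access_token table through JPA), this plain-Java sketch models the App-Token rule described above: access tokens are keyed by the (username, client ID, App-Token) triple, the same triple shares one token, and a different App-Token for the same account gets its own token. Java is used because it is the project's language. The registry class, its record types, the expiry handling and the logoutAll method are assumptions for this illustration; logoutAll goes beyond what the page describes and is included to show how the key makes per-account revocation across devices straightforward.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class AppTokenRegistry {

    /** Hypothetical key: the triple the page says authentication is managed by. */
    public record TokenKey(String username, String clientId, String appToken) {}

    /** Issued access token with its expiry instant. */
    public record IssuedToken(String accessToken, Instant expiresAt) {
        boolean isExpired(Instant now) { return !now.isBefore(expiresAt); }
    }

    private final Map<TokenKey, IssuedToken> tokens = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration lifetime;

    public AppTokenRegistry(Duration lifetime) { this.lifetime = lifetime; }

    /** Returns the existing token for the triple; mints a new one only if none exists or it expired. */
    public IssuedToken login(String username, String clientId, String appToken, Instant now) {
        TokenKey key = new TokenKey(username, clientId, appToken);
        return tokens.compute(key, (k, existing) ->
            (existing == null || existing.isExpired(now)) ? mint(now) : existing);
    }

    /** Assumed operation: revokes every token of one account on one client, whatever the App-Token. */
    public int logoutAll(String username, String clientId) {
        int before = tokens.size();
        tokens.keySet().removeIf(k -> k.username().equals(username) && k.clientId().equals(clientId));
        return before - tokens.size();
    }

    /** 256-bit random, URL-safe token value (constructed here; the library's format may differ). */
    private IssuedToken mint(Instant now) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String value = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        return new IssuedToken(value, now.plus(lifetime));
    }

    public static void main(String[] args) {
        AppTokenRegistry registry = new AppTokenRegistry(Duration.ofHours(1));
        Instant t0 = Instant.parse("2024-07-16T14:54:57Z"); // constructed clock value

        // Same account, same client, same App-Token: the access token is shared.
        IssuedToken phone1 = registry.login("alice", "client_customer", "app-token-phone", t0);
        IssuedToken phone2 = registry.login("alice", "client_customer", "app-token-phone", t0.plusSeconds(60));
        System.out.println("same App-Token shares token : " + phone1.accessToken().equals(phone2.accessToken()));

        // Same account, different App-Token (a second device): a separate token is issued.
        IssuedToken laptop = registry.login("alice", "client_customer", "app-token-laptop", t0);
        System.out.println("different App-Token shares : " + phone1.accessToken().equals(laptop.accessToken()));

        // After expiry the same triple is given a fresh token instead of the stale one.
        IssuedToken later = registry.login("alice", "client_customer", "app-token-phone", t0.plus(Duration.ofHours(2)));
        System.out.println("expired token reused        : " + phone1.accessToken().equals(later.accessToken()));

        System.out.println("tokens revoked on logout    : " + registry.logoutAll("alice", "client_customer"));
    }
}
```

Because the App-Token value is supplied by the client, it decides only whether an existing token is reused or a new one is issued; it is a device or session label, not a credential. Authentication still rests on the password and the client credentials, so two clients presenting the same App-Token for the same account must both have authenticated before either sees the shared token.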




Source: Andrew Kang-G | Sciencx (2024-07-16). Spring Security Oauth2 Password JPA Implementation. Retrieved from https://www.scien.cx/2024/07/16/spring-security-oauth2-password-jpa-implementation/
