Spring Security Oauth2 Password JPA Implementation

This content originally appeared on DEV Community and was authored by Andrew Kang-G

https://github.com/patternknife/spring-security-oauth2-password-jpa-implementation

• Complete separation of the library (API) and the client for testing it
  
  io.github.patternknife.securityhelper.oauth2.api
  spring-security-oauth2-password-jpa-implementation
  2.4.0
  

• Set up the same access & refresh token APIs on both /oauth2/token and on our controller layer such as /api/v1/traditional-oauth/token, both of which function same and have the same request & response payloads for success and errors.

  • As you are aware, the API /oauth2/token is what "spring-authorization-server" provides.
  • /api/v1/traditional-oauth/token is what this library implemented manually.

Success Payload
{
"access_token" : "Vd4x8D4lDg7VBFh...",
"token_type" : "Bearer",
"refresh_token" : "m3UgLrvPtXKdy7jiD...",
"expires_in" : 3469,
"scope" : "read write"
}
Error Payload
{
"timestamp": 1719470948370,
"message": "Couldn't find the client ID : client_admin", // Sensitive info such as being thrown from StackTraces
"details": "uri=/oauth2/token",
"userMessage": "Authentication failed. Please check your credentials.",
"userValidationMessage": null
}

• In the following error payload, the 'message' shouldn't be exposed to clients; instead, the 'userMessage' should be.
  Authentication management based on a combination of username, client ID, and App-Token

  • What is an App-Token? An App-Token is a new access token generated each time the same account logs in. If the token values are the same, the same access token is shared.

• Separated UserDetails implementation for Admin and Customer roles as an example. (This can be extended as desired by implementing UserDetailsServiceFactory)

• Provide MySQL DDL, which consists of oauth_access_token, oauth_refresh_token and oauth_client_details, which is tables in Security 5. As I mean to migrate current security system to Security 6, I haven't changed them to the authorization table indicated in https://github.com/spring-projects/spring-authorization-server.

• Application of Spring Rest Docs

This content originally appeared on DEV Community and was authored by Andrew Kang-G

Print Share Comment Cite Upload Translate Updates

APA

Andrew Kang-G | Sciencx (2024-07-16T14:54:57+00:00) Spring Security Oauth2 Password JPA Implementation. Retrieved from https://www.scien.cx/2024/07/16/spring-security-oauth2-password-jpa-implementation/

MLA

" » Spring Security Oauth2 Password JPA Implementation." Andrew Kang-G | Sciencx - Tuesday July 16, 2024, https://www.scien.cx/2024/07/16/spring-security-oauth2-password-jpa-implementation/

HARVARD

Andrew Kang-G | Sciencx Tuesday July 16, 2024 » Spring Security Oauth2 Password JPA Implementation., viewed ,<https://www.scien.cx/2024/07/16/spring-security-oauth2-password-jpa-implementation/>

VANCOUVER

Andrew Kang-G | Sciencx - » Spring Security Oauth2 Password JPA Implementation. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2024/07/16/spring-security-oauth2-password-jpa-implementation/

CHICAGO

" » Spring Security Oauth2 Password JPA Implementation." Andrew Kang-G | Sciencx - Accessed . https://www.scien.cx/2024/07/16/spring-security-oauth2-password-jpa-implementation/

IEEE

" » Spring Security Oauth2 Password JPA Implementation." Andrew Kang-G | Sciencx [Online]. Available: https://www.scien.cx/2024/07/16/spring-security-oauth2-password-jpa-implementation/. [Accessed: ]

rf:citation

» Spring Security Oauth2 Password JPA Implementation | Andrew Kang-G | Sciencx | https://www.scien.cx/2024/07/16/spring-security-oauth2-password-jpa-implementation/ |

Please log in to upload a file.

There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.