Spring Boot OAuth2 Single Sign Off (Logout)

After a lot of tests I have realized that this can be solved just with a redirect to the AuthServer and doing logout programmatically like this:

In the client app (WebSecurityConfigurerAdapter):

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .logout()
            .logoutSuccessUrl("http://your-auth-server/exit");
    }

In the authorization server:

    @Controller
    public class LogoutController {
        @RequestMapping("/exit")
        public void …
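The /exit endpoint the answer describes, as an added example that is not part of the original answer: it ends the authorization-server session and sends the browser back to the client. The "redirect" query parameter, the allow-list of post-logout URLs and the client URL are assumptions for this example.

```java
// Added example (not from the original answer): an authorization-server
// /exit endpoint that invalidates the auth-server session and then returns
// the browser to the client. The "redirect" parameter and the allow-list
// below are assumptions for this example.
import java.io.IOException;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
public class LogoutController {

    // Only URLs registered here may be used as post-logout targets. Without
    // this check an attacker could use /exit as an open redirector.
    private static final Set<String> ALLOWED_REDIRECTS = Set.of(
            "http://client-app.example/login?logout");   // placeholder client URL
    private static final String DEFAULT_REDIRECT =
            "http://client-app.example/login?logout";    // placeholder client URL

    @GetMapping("/exit")
    public void exit(HttpServletRequest request, HttpServletResponse response,
                     @RequestParam(value = "redirect", required = false) String redirect)
            throws IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null) {
            // Invalidates the HttpSession and clears the SecurityContext, so the
            // next /oauth/authorize request prompts for credentials again.
            new SecurityContextLogoutHandler().logout(request, response, auth);
        }
        String target = (redirect != null && ALLOWED_REDIRECTS.contains(redirect))
                ? redirect
                : DEFAULT_REDIRECT;
        response.sendRedirect(target);
    }
}
```

Note the limit of this approach: it ends the authorization-server session, so the next authorization request will prompt for login again, but access tokens and refresh tokens that were already issued stay valid until they expire unless they are also removed from the token store.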

CORS issue with Google Oauth2 for server side webapps

When you use the Authorization code grant (OAuth2 for backend apps – &response_type=code), you must redirect the browser to the /auth endpoint – you cannot use XHR for that. The user will be redirected back after authentication. After redirecting to the /auth endpoint, the user needs to see in the address bar that the page is …
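The top-level redirect the answer calls for, as an added example that is not part of the original answer: a Spring MVC entry point that builds the Google authorization URL and answers with a 302 so the browser itself navigates there (no XHR, no CORS preflight), plus the callback that checks the state parameter. The client ID, redirect URI, paths and scopes are placeholder values assumed for this example.

```java
// Added example (not from the original answer): server-side start of the
// authorization-code flow with a browser redirect instead of an XHR.
// Client ID, redirect URI, scopes and the paths used are placeholders.
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
public class GoogleLoginController {

    private static final String AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";
    private static final String CLIENT_ID = "your-client-id.apps.googleusercontent.com"; // placeholder
    private static final String REDIRECT_URI = "https://your-app.example/oauth2/callback"; // placeholder
    private static final SecureRandom RANDOM = new SecureRandom();

    @GetMapping("/login/google")
    public String startLogin(HttpSession session) {
        // Random state bound to this session: the callback must echo it back,
        // which stops a forged callback from binding someone else's code to
        // this user's session (login CSRF).
        byte[] buf = new byte[32];
        RANDOM.nextBytes(buf);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
        session.setAttribute("oauth2_state", state);

        String url = AUTH_ENDPOINT
                + "?response_type=code"
                + "&client_id=" + enc(CLIENT_ID)
                + "&redirect_uri=" + enc(REDIRECT_URI)
                + "&scope=" + enc("openid email profile")
                + "&state=" + enc(state);
        // "redirect:" makes Spring MVC respond with a 302. The browser performs
        // a normal top-level navigation to Google, so the user sees Google's
        // URL in the address bar and no cross-origin XHR is involved.
        return "redirect:" + url;
    }

    @GetMapping("/oauth2/callback")
    public String callback(@RequestParam("code") String code,
                           @RequestParam("state") String state,
                           HttpSession session) {
        String expected = (String) session.getAttribute("oauth2_state");
        session.removeAttribute("oauth2_state");   // single use
        if (expected == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                state.getBytes(StandardCharsets.UTF_8))) {
            throw new IllegalStateException("OAuth2 state mismatch");
        }
        // The code is exchanged for tokens server-to-server: a plain HTTPS POST
        // from the backend to Google's token endpoint, never from the browser.
        // That exchange is outside the scope of this example.
        return "redirect:/";
    }

    private static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }
}
```

The code-for-token exchange that follows the callback is also a backend-to-backend request, so the only browser-facing steps are the two redirects; if either of them is attempted with XMLHttpRequest or fetch, the browser enforces CORS on the Google response and the flow fails.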

can I include user information while issuing an access token?

You will need to implement a custom TokenEnhancer like so:

    public class CustomTokenEnhancer implements TokenEnhancer {
        @Override
        public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
            User user = (User) authentication.getPrincipal();
            final Map<String, Object> additionalInfo = new HashMap<>();
            additionalInfo.put("customInfo", "some_stuff_here");
            additionalInfo.put("authorities", user.getAuthorities());
            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
            return accessToken;
        }
    }

and add it to your AuthorizationServerConfigurerAdapter as a bean …
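How the enhancer gets wired into the authorization server, as an added example that is not part of the original answer: the custom enhancer is chained in front of a JwtAccessTokenConverter so its extra entries are encoded as JWT claims. The signing key, the claim names and the bean layout are assumptions for this example; the enhancer also guards against client-credentials grants, where there is no user principal to cast.

```java
// Added example (not from the original answer): wiring a custom TokenEnhancer
// into a Spring Security OAuth2 authorization server, chained before a
// JwtAccessTokenConverter so the additional information becomes JWT claims.
// Signing key and claim names are placeholders for this example.
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    private final AuthenticationManager authenticationManager;

    public AuthServerConfig(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Bean
    public TokenEnhancer customTokenEnhancer() {
        // TokenEnhancer has a single method, so a lambda is enough.
        return (accessToken, authentication) -> {
            Map<String, Object> extra = new HashMap<>();
            // A client_credentials grant has no user principal: only add user
            // claims when a User is actually present instead of casting blindly.
            if (authentication.getPrincipal() instanceof User) {
                User user = (User) authentication.getPrincipal();
                List<String> roles = user.getAuthorities().stream()
                        .map(GrantedAuthority::getAuthority)
                        .collect(Collectors.toList());
                extra.put("authorities", roles);   // plain strings, not objects
            }
            extra.put("customInfo", "some_stuff_here");   // placeholder claim
            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(extra);
            return accessToken;
        };
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("replace-with-a-real-secret");   // placeholder
        return converter;
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        // Order matters: the custom enhancer runs first and the JWT converter
        // last, so the converter sees the extra entries and emits them as claims.
        TokenEnhancerChain chain = new TokenEnhancerChain();
        chain.setTokenEnhancers(Arrays.asList(customTokenEnhancer(), accessTokenConverter()));
        endpoints.tokenEnhancer(chain)
                 .accessTokenConverter(accessTokenConverter())
                 .authenticationManager(authenticationManager);
    }
}
```

Whatever goes into the additional information is returned to the client: with opaque tokens it appears as extra fields in the token response, with JWTs it becomes claims in a signed but unencrypted token that anyone holding it can decode. Put only data there that the client is meant to see, never passwords, secrets or internal identifiers you would not expose through an API.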