How to store Spring Boot OAuth2 logged in user in session?


I'm trying to implement Silent Authentication for my Spring Boot Authorization Server (created via @EnableAuthorizationServer) so that I can ask for new access tokens from my SPA.



I figure that to do that, I first need to somehow convince my OAuth2 Authorization Server to store logged in users in session.



I could not find any information on how to solve my problem online.
I'm guessing that the @EnableAuthorizationServer annotation somehow disables session storage but I was unable to find where that takes place.



Let's say I "log in" to my Auth Server like this:



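    # Password grant: client credentials in the Basic header, user credentials as form fields
    curl -X POST \
      http://localhost:8080/oauth/token \
      -H 'Authorization: Basic Y2xpZW50OnNlY3JldA==' \
      -H 'content-type: multipart/form-data' \
      -F grant_type=password \
      -F username=demo \
      -F password=demo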


The above will, of course, provide me with an access token. However, I would like the Auth Server to keep the user in session so that I'm able to access the controller below WITHOUT that access token:



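    import java.security.Principal;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;

    // This controller is in my Auth Server
    @RestController
    public class SecurityController {

        // Returns the currently authenticated principal
        @GetMapping("silentauth")
        public String silentAuth(Principal principal) {
            return principal.toString();
        }
    }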





The idea is, once I implement the above, I will be able to provide an endpoint for "refreshing tokens", where the Authorization Server will provide a new token only if the user is currently "logged in" to that server.










      java spring spring-boot oauth-2.0 single-page-application






asked Mar 23 at 13:02 by Daniel Frąk





















