I'm new to Spring Security. Could anyone please let me know if MFA is possible with Spring Security and give me a few examples that already exist? Thank you for all your help.
Related
Does anyone know if there any plans for implementing JWT Authoriation Grant in Spring Authorization Server as specified in RFC here? https://www.rfc-editor.org/rfc/rfc7523.html#section-2.1
I did it myself by implementing bunch of converters and providers and customized OAuth2AuthorizationServerConfigurer but ideally I would like not need to do it by hand.
Thanks :)
Currently it's not supported. There is an issue in https://github.com/spring-projects/spring-authorization-server/issues/546
Go ahead and upvote the issue on github to give it more momentum.
I'm just wrapping my head on Oauth2. I have a Spring boot app with its own users and roles system handled by Spring Security 5. Internally I use email to identify users, I want people who registered with their gmail addresses to be able to log in through Oauth2. Or, more generally, how do I make one of my users log in to my app using Oauth2? If you need code or more information just ask. Thanks in advance.
As far as I understood your question, you are looking for a general approach to authenticate users for using your Spring Boot application with the help of OAuth2 protocol.
In your case you will probably use Google as an authentication provider and your application as resource server, according to the OAuth2 standard wording. First at all to answer your general question, there are different ways of using OAuth2 to authenticate users. A good starting points are these links:
https://www.rfc-editor.org/rfc/rfc6749
https://auth0.com
To find the proper way of implementing OAuth2 for your usecase I recommend using this decision tree: https://auth0.com/docs/api-auth/which-oauth-flow-to-use
For starting to implement OAuth2 in Spring Boot you can use several Spring Security projects with further documentation:
https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-security.html#boot-features-security-oauth2
https://docs.spring.io/spring-security-oauth2-boot/docs/current-SNAPSHOT/reference/htmlsingle/
So far I've seen 2 ways of using OAuth in Spring security, one is the filter approach, as in https://spring.io/guides/tutorials/spring-boot-oauth2/ and the other one is through configuring HttpSecurity, as in http://www.baeldung.com/spring-security-5-oauth2-login
I wonder what's the difference/relation between these 2 methods?
Thanks in advance
Hi I am really new to Spring boot and Oauth2. I need to understand how to authenticate Spring boot web service with Oauth2 authentication with refresh token and access tokens. Likewise I need to know how to limit the access of different users (accessing resources) dynamically as well. I have searched in many articles on line and ended up with nothing that I really need to learn. I do not need SSO config with facebook or google. I want to know how to make our own authorization server.
Can anybody please help me to guide or send me a link of a useful tutorial that helps me to learn.
thank you.
This is a very open-ended question. So few links to start with:
Ok, start with OAuth2 Guide then OAuth2 Grant types. These are generic stuff you need to know.
Then In Spring Security OAuth 2 using Spring Boot .
You can basically restrict the API access in Resource Server by using a combination of OAuth scopes and Roles.
And finally, this is an amazing example which shows you how to manage OAuth clients, their grant types, tokens and so on.
Please get back with specific queries, it would be easier to help.
I m new in Spring Security SAML can someone please explain how to implement IDP initiated SSO in spring security by SAML(step by step)
whenever my IDP server is ADFS
and who will provide metadata Please help
Thanks in advance
Are you trying to write your own IdP software?
I would suggest install any open source IdP like Shibboleth and write SAML extension using Spring Security for any customization.
Or please wait for someone who has actually done it, to answer your question.
All the best!