I am using Spring Boot Security and the Spring Boot Keycloak starter to secure REST APIs and authenticate users.
My first question is how to handle access token expiration if the user's session is still valid.
My second question: getting the access token from Keycloak into the Spring Boot app is done by calling this line:
AccessTokenResponse response = authzClient.obtainAccessToken(username, password);
In the same way, how do I call the refresh token API?
Related
Is there any way to restrict the token if the user logs out?
I followed this solution for Spring Boot 3 with Keycloak: Use Keycloak Spring Adapter with Spring Boot 3
After the user logs out from Keycloak, the token should become invalid automatically.
What are you using on the client side and how are you performing logout?
I'm using the Spring Boot OAuth2 client for OAuth2 purposes. Right now my application is automatically refreshing the access token after the token has expired, as I'm using OAuth2AuthorizedClientManager. I wanted to know if there is a way to refresh the access token manually and store the updated token in the Spring Boot credential store so all the APIs can use it.
I have already checked this post, which is similar but not a duplicate: Refresh OAuth2 access token manually
Appreciate any help.
Currently, I am using Spring Security with LDAP authentication. But I want to create one REST API which will do LDAP authentication, and then I will generate a JWT token so that for upcoming requests I can validate JWT tokens.
Any suggestions to achieve this?
I have followed the URL below to configure SAML SSO for the existing Spring Boot application, which already has username-password authentication and JWT authorization for APIs.
https://github.com/pateluday07/saml-sso-and-slo-demo-idp-azure-sp-springboot
Also, in onSSOSuccessHandler() I have generated a custom JWT token and returned it to the Angular front end as a cookie. The JWT token expiry is set to 1 hour. The Spring Boot application is configured with a stateless session policy.
On JWT token expiry, how can we refresh the token by validating the SSO session? Do we have to call the /saml/login endpoint on token expiry?
I have a JWT token which is RSA256 signed. I need to validate this token in my microservice.
Can anyone give an example of how to implement this using Spring Security?
You can set up a Spring Boot resource server to handle the JWT token and security. Check the Spring documentation for resource server.
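One way to set up the resource server suggested in the answer above for an RSA-signed (RS256) JWT, as an added example that is not code from any of the posts. It assumes Spring Boot 3 with spring-boot-starter-oauth2-resource-server; the class name and the `app.jwt.*` property names are hypothetical.

```java
// Added example. Pins the accepted algorithm to RS256 and checks issuer,
// expiry and audience in addition to the signature.
import java.security.interfaces.RSAPublicKey;
import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class JwtResourceServerConfig {

    // Hypothetical properties; Spring Security converts a PEM location to RSAPublicKey.
    @Value("${app.jwt.public-key-location}") RSAPublicKey publicKey;
    @Value("${app.jwt.issuer}") String issuer;
    @Value("${app.jwt.audience}") String audience;

    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .oauth2ResourceServer(o -> o.jwt(Customizer.withDefaults())); // uses the JwtDecoder bean
        return http.build();
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Only RS256 signatures made with the configured key are accepted.
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey)
            .signatureAlgorithm(SignatureAlgorithm.RS256)
            .build();
        // Default validators cover exp/nbf and iss; the audience check is added on top.
        OAuth2TokenValidator<Jwt> audienceCheck = new JwtClaimValidator<List<String>>(
            JwtClaimNames.AUD, aud -> aud != null && aud.contains(audience));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
            JwtValidators.createDefaultWithIssuer(issuer), audienceCheck));
        return decoder;
    }
}
```

A request with a missing, expired, wrongly signed or wrong-audience bearer token is rejected with 401 before it reaches a controller.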