Looking for some help here. We have a Spring boot web application, and trying to integrate Okta authentication.
We seem to have everything working... except, when the web.client attempts to grab the token from Okta, it's missing the "client_id" parameter in the body of the request to: https://xxxx.okta.com/oauth2/v1/token.
Cannot figure out #1, why it's missing, or #2, how to inject it.
This is a brand new project, all dependencies are 2021 Sept/Aug dates.
Anybody have any hints on what we might be missing?
after hours and hours of digging - the best way to solve a problem is ask the question of the internet, then you find it. Here it is: spring.security.oauth2.client.registration.okta.client-authentication-method=post
Related
The Spring Security example works and is clear. Vaadin has greatly improved integration with Spring security framework.
On the other side but it is not clear how the example can be modified. I made many attempts but got conflicts and errors.
I read there is no obligation to use the Vaadin Form, very well I would like to use my form, bare HTML generated with a servlet, let's say "my-login-form" endpoint. How can I actually insert it in the shown code so that Spring uses it as a login form and at the same Vaadin manages routes authorization?
Also, I would like to bypass or disable login during a test (without removing the spring-security dependency) and have all routes accessible. How can I do that?
Can anybody kindly provide an example?
I really appreciate any help you can provide.
Anybody have experience using OAuth2.0 and OAuth 1.0a client authentication in same Spring Boot application? Having some trouble getting the 2 working in the same system. Our use case -
User can connect multiple 3rd party accounts to our web app. This connection happens via OAuth, and in the case of 3rd party services that use OAuth 2.0, we have no problems. Now we want to add Twitter as a supported connection, with their OAuth 1.0a path we are having a lot of trouble getting this to work. Can only find examples of this using spring-social and that probably doesn't fit our use case as it isn't compatible with the rest of our integration paths.
Any experience or input would be greatly appreciated.
rms.
Keep in mind that OAuth 2.0 is really not backward compatible with OAuth 1.0, so you won't find a solution that will handle both versions simultaneously.
To help you understand better the difference between the two, I suggest reading How is OAuth 2 different from OAuth 1?
You would need to handle both version separately, which may lead to some pretty confusing pieces of code.
Anyhow, it's a shame that Twitter isn't migrating to OAuth 2.0 for user-based authentication, that would make everything much less complicated for you.
First off, you'll need both spring-security-oauth and spring-security-oauth2 dependencies. I suggest looking here: https://github.com/spring-projects/spring-security-oauth/tree/master/samples
There's an example for both versions.
I'm not sure how you configured your OAuth2, but since the two dependencies mentionned above do not use the same property names and OAuth2 can almost be entirely configured through the properties file, I doubt you need to worry about OAuth2's implementation.
I have an example about the implementation of OAuth2 with nearly no configuration required here https://github.com/TwinProduction/spring-security-oauth2-client-example , maybe you can start off that, add the OAuth 1.0 dependency and build your way up from there.
Good luck!
My suggestion,
Use scribe. They have done an amazing job getting the OAutdone across a large base of providers. Go to their example source code, plugin your appId and secret and you can pretty much see almost all the providers working
https://github.com/scribejava
I've been 2 days trying to understand how does Spring social works. I don't have a high Spring knowledge so i might be asking something really stupid , sorry in thath case :P. The thing is that the example provided by Spring works prefect, but when i try to do exactly the same on other project, when i try to access to /connect/facebook the browser ask me for a username and password, i dont know why.
Thanks you for your time! :P
Hehe, i think i finally found out the problem. I was importing Spring security dependencies and some other that i didn't need.
I have been searching for an example Spring Webservice which is being protected using oauth 2.0..
Looking around I found https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2 but there some files seems to be missing from the project.
Two things that I am looking for is :
When user authenticates, user name and password goes to /login.do , now I can not understand how this Servlet is being configured, if its not controller. web.xml is missing.
When I try to see how beans configured then applicationContext.xml is also missing. I am not able to find those files in order to see how things are configured.
Help Required :
Should I use annotation in order to configure my web service or xml configuration. I am willing to use the latest version, and leverage advanced configurations, for better security.
I have another Single page application ( HTML5 ) , which accesses data from this spring web service, which is being hosted on Google App Engine. My ultimate objective is to create a chrome plugin of (html5) pages and use my service from there..
Please suggest a better path so that I can achieve my objectives.
Best regards,
Shashank Pratap
Apologize for late reply.
1) Regarding Oauth2.0 implementation : Since GAE does not support Servlet 3.0 therefore, developer is restricted to servlet 2.5. Therefore I found that we are restricted to 1.0.5.RELEASE. I was able to configure it successfully.
Best Practice on GAE : Rather than following this approach, I would suggest others to use Google Endpoints. As it supports oauth2.0 as well as we can develop REST API relatively quickly.
Scale ability and Response time : Since I was using Spring dependency injection along with spring security, application responded slower than the combination of Google Endpoints and Google Juice, as juice does injection just in time, where as spring prepares everything as soon as new instance starts, which created problem for me.
2) Chrome Plugin is completely different story. :-)
Please correct if I am wrong.
Thanks,
Shashank Pratap
I am writing a project using Grails and Spring Security. I want to use LDAP for it. As such, I installed the spring-security-core and spring-security-LDAP plugins. I got the login to work for spring security. I also have LDAP running and configured in Grails. I would rather not post that source, but it has the needed springsecurity.ldap.contexts/search/authorities.
The problem is I can't get it to stop searching locally. If I try to use a name from LDAP, it fails, yet if I use one from bootstrap it works. I know this has been asked before, but I looked through the answer and got a 404 for some important parts. My question is nearly identical to this person's, Although, it would seem his issue was never resolved.