We have the access token from the Keycloak server and now we wanted to extract the user information from it .
Please guide me to get this done .
Related
I want to create a login with google option and give authorities to the user depending on the user info returned. I've successfully done what I want for login with github following this tutorial:
https://www.baeldung.com/spring-security-oauth-principal-authorities-extractor
which basically uses #EnableOAuth2Sso annotation and the following properties
security.oauth2.client.client-id
security.oauth2.client.client-secret
security.oauth2.client.access-token-uri
security.oauth2.client.user-authorization-uri
security.oauth2.client.scope
security.oauth2.resource.user-info-uri
I can't do the same for google, so the problem should be in application.properties. I register my app with google, download the json that is given to me along with id & secret, but there seems to be missing the uri for security.oauth2.resource.user-info-uri property. I've searched online for that uri and tried to run the app with some values but with no success. Am I right that I need this property and how do I find it?
You need to request this information during authorization via scopes. This information is returned in the Identity Token and not the Access Token. If you requested the identity information you can also call the Google OAuth endpoint with the Access Token which returns the Identity Token.
I have succesfully set up Google as Identity Provider in Keycloak, following the docs, and I'm now able to login to my application using keycloak.
Is there a way to get the user data from the google account that is logged in. In my application I would like to retrieve profile information like in this example and then add it later to my mappers so I could see it in my Access Token(Adding attributes in my access token is not an issue, that works fine)?
Try making a request against the userinfo endpoint
https://www.googleapis.com/oauth2/v3/userinfo?Access_token=XXX
It should work but you may have to add a profile scope to your request i cant remember.
I am targetting to secure my REST APIs by custom OAuth Authorization server of my own (NOT google, facebook etc.) by using Resource Owner Password Credentials Grant. The user would pass the credentials over SSL and would get back the Access Token and Refresh token. I followed this tutorial - http://www.beingjavaguys.com/2014/10/spring-security-oauth2-integration.html
However, I have few questions -
1- Is it good approach at the first place.
2- User credentials in that tutorial are passed as query parameter.
It's not the advisable approach. How can I make it a POST request.
3- I want to store credential information in Database and implement
custom authentication by validating the username/password from DB.
(As opposed to the approach in above tutorial in which the
credentials are stored in the file)
Please provide your insight. Thanks!
1) IMHO , I think use Authorization grant instead of resource owner password grant. Which do the same , and more secure then the resource owner password grant.
2) I think you can follow this tutorial to make authentication from DB.
We want Socialite (web-application name) user data to upload on IBM-Connections per user active stream.
It requires proper OAuth mechanism. To achieve this, we are working on OAuth to get OAuth Token and OAuth Secrete per IBM Connections user wise.
We created the AppID, Appkey and AppSecrete with the help of commands mention in IBM documents. http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.0+documentation#action=openDocument&res_title=Registering_an_OAuth_client_with_a_provider_ic40&content=pdcontent
Now we need requestTokenURL, authorizationURL, accessTokenURL to get the access token and access secret per IBM Connection user wise.
Please advise me.
The authorization URL should be
https://:/oauth2/endpoint/connectionsProvider/authorize
The access token URL should be
https://:/oauth2/endpoint/connectionsProvider/token
oAuth2.0 does't have the requestToken anymore. There are only to token uri's
for our test connections environment the endpoint are
https://connections4.e-office.com/oauth2/endpoint/connectionsProvider/authorize
https://connections4.e-office.com/oauth2/endpoint/connectionsProvider/token
More details you can find here, it's about smartcloud but you can find some good information
http://www-10.lotus.com/ldd/appdevwiki.nsf/xpViewTags.xsp?categoryFilter=OAuth%202.0
I'm using hybridauth library.
Hybridauth documentation says persistent sessions possible by storing the session data.
Lets say I stored users session data in my database. It contains oauth token, oauth refresh token etc..
Using oauth token, its possible to contact oauth server without asking user permissions.
Now everything fine so far. Now how exactly login the user automatically if the user logged into google?
I mean do I have to use any cookies?
I can't specifically help you on that library you are using, but have you looked at this? https://developers.google.com/accounts/docs/OAuth2Login
If you do an authorization for login as well, you'll get a token back and you can use that to get the userid of the user at Google
This field is only present if the https://www.googleapis.com/auth/userinfo.profile scope was present in the request for the access token. The value of this field is an immutable identifier for the logged-in user. Store this and you should have a durable identifier of the user.