Multiple OAuth2, how to implement this? - spring

I have been reading that link.
It describes how to implement interacting with a resource server through OAuth2 by adding some configuration to application.yml.
application.yml
security:
  oauth2:
    client:
      clientId: 233668646673605
      clientSecret: 33b17e044ee6a4fa383f46ec6e28ea1d
      accessTokenUri: https://graph.facebook.com/oauth/access_token
      userAuthorizationUri: https://www.facebook.com/dialog/oauth
      tokenName: oauth_token
      authenticationScheme: query
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://graph.facebook.com/me
...
In that example, the client application interacts with the Facebook resource server, and it is subordinated to that resource server.
If I want to have more than one resource server, I can't edit the yml, because the original configuration for Facebook is already present there.
In this case, how do I handle a second resource server?

You can have more than one resource server by inserting the client (Facebook, Google) details in the table "oauth_client_details". Please refer to this link for a clear idea:
http://www.baeldung.com/spring-security-oauth-dynamic-client-registration
Or
you can specify multiple clients like this:
Adding more than one client to the Spring OAuth2 Auth Server

Related

How to adapt spring security to work with Ali Cloud's OAuth2 endpoint

I am trying to get spring-oauth2 to work with Ali Cloud's OAuth endpoint. I have the following in my application.yml.
security:
  oauth2:
    client:
      registration:
        alicloud:
          clientId: foo
          clientSecret: bar
          redirectUriTemplate: "{baseUrl}/login/oauth2/code/{registrationId}"
          authorizationGrantType: authorization_code
          scope:
            - openid
            - profile
      provider:
        alicloud:
          authorizationUri: https://signin.aliyun.com/oauth2/v1/auth
          tokenUri: https://oauth.aliyun.com/v1/token
          jwkSetUri: https://oauth.aliyun.com/v1/keys
Things seem to get to the point where the code needs to be exchanged for an access_token. However, DefaultAuthorizationCodeTokenResponseClient.getTokenResponse seems to package the request with HTTP Basic authentication. This works for Google and I imagine most of the rest of the big providers. But Ali Cloud's endpoint requires the client_id and client_secret in the POST body. The converter that seems to create this request is OAuth2AuthorizationCodeGrantRequestEntityConverter. It doesn't seem easy to override it.
What can I do to overcome this?

Form Based OAuth2 Resource Server

I'm trying to configure a Spring Boot 1.5.0 application with Spring Security OAuth2, and my userInfo server is form-based. I have to send the access_token in a form-urlencoded way (not in a Header like "Authorization: Bearer ...").
Debugging in my IDE, I changed the authorizationScheme to "form", on UserInfoRestTemplate just like this example below:
DefaultUserInfoRestTemplateFactory
It worked as I expected. The RestTemplate generated a "www-form-urlencoded" request, and the server responded with the user information as I expected.
But now I'm not able to identify how to make the change in application.yaml to get the same behaviour. I tried some variations but without success (like this example below)
application.yaml
Does anybody know the correct way to set it up?
Thanks in advance
Here is an example:
security:
  oauth2:
    client:
      client-id: acme
      client-secret: acmesecret
      scope: read,write
      auto-approve-scopes: '.*'
facebook:
  client:
    clientId: 233668646673605
    clientSecret: 33b17e044ee6a4fa383f46ec6e28ea1d
    accessTokenUri: https://graph.facebook.com/oauth/access_token
    userAuthorizationUri: https://www.facebook.com/dialog/oauth
    tokenName: oauth_token
    authenticationScheme: form
    clientAuthenticationScheme: form
  resource:
    userInfoUri: https://graph.facebook.com
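The two settings these posts revolve around, modelled in an added Python example (not code from either post or from Spring): clientAuthenticationScheme (Spring Security 5's client authentication method) decides whether the token endpoint receives the client credentials as HTTP Basic or in the POST body, which is the Ali Cloud question, and authenticationScheme decides how the access token reaches userInfoUri (header, form or query), which is the form-based question. CLIENT_ID, CLIENT_SECRET, the function names and the sample tokens are constructed here.

```python
import base64
from urllib.parse import urlencode, urlsplit, parse_qsl

# Constructed values for illustration only, not real credentials.
CLIENT_ID, CLIENT_SECRET = "foo", "bar"

def build_token_request(token_uri, code, redirect_uri, client_auth="header"):
    """Build the authorization_code exchange as (url, headers, body).
    client_auth="header": client_id:client_secret as HTTP Basic (Spring's default,
    which the Ali Cloud endpoint rejects); client_auth="form": credentials in the
    POST body (clientAuthenticationScheme: form in the legacy YAML above)."""
    body = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_auth == "header":
        creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
        headers["Authorization"] = f"Basic {creds}"
    elif client_auth == "form":
        body["client_id"] = CLIENT_ID
        body["client_secret"] = CLIENT_SECRET
    else:
        raise ValueError(f"unknown client auth scheme: {client_auth}")
    return token_uri, headers, urlencode(body)

def build_resource_request(user_info_uri, access_token, scheme="header", token_name="access_token"):
    """Build the userInfo call as (url, headers, body) according to authenticationScheme:
    header -> Authorization: Bearer, form -> urlencoded body,
    query -> URL parameter named token_name (tokenName in the YAML)."""
    if scheme == "header":
        return user_info_uri, {"Authorization": f"Bearer {access_token}"}, None
    if scheme == "form":
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        return user_info_uri, headers, urlencode({token_name: access_token})
    if scheme == "query":
        sep = "&" if "?" in user_info_uri else "?"
        return user_info_uri + sep + urlencode({token_name: access_token}), {}, None
    raise ValueError(f"unknown authentication scheme: {scheme}")

def secrets_in_url(url, names=("access_token", "oauth_token", "client_secret")):
    """Defender check: list the sensitive query parameters a URL carries.
    Anything here ends up in access logs, proxies and Referer headers, which is
    why 'header' is preferable to 'query' whenever the provider supports it."""
    return sorted(k for k, _ in parse_qsl(urlsplit(url).query) if k in names)
```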

spring oauth2 authorization code flow , configuration for VK (Vkontakte)

I'm using the social network Vkontakte as an OAuth2 authorization server. So I have several steps:
1) get a code with a request with request_type=code
2) get an accessToken when I send a request to the access token URI
So I want to use Spring OAuth2, but I should get the authorization code first, then the access token. I've tried adding this to application.yml:
authorized-grant-types: authorization_code
This is my application.yml:
security:
  oauth2:
    client:
      clientId: [clientId]
      clientSecret: [clientSecret]
      accessTokenUri: https://oauth.vk.com/access_token
      userAuthorizationUri: https://oauth.vk.com/authorize
      tokenName: access_token
      registered-redirect-uri: http://localhost:8080/login
    resource:
      token-info-uri: http://localhost:8080/user
But actually it doesn't help. If somebody has faced this and knows how to configure a Spring OAuth2 app, I would be grateful for help.
Actually, after a couple of days of investigation I figured out that Spring OAuth2 completely implements all the features and configuration needed for my client application to use the authorization code grant to obtain an access token from Vkontakte (the Authorization Server).
The only thing I need to do, if I take the Spring Boot and OAuth2 social login "simple" sample as a starting point, is to populate application.yml with the correct creds for my Authorization Server:
security:
  oauth2:
    client:
      clientId: xxxxxxx
      clientSecret: xxxxxxxxxxx
      accessTokenUri: https://oauth.vk.com/access_token
      userAuthorizationUri: https://oauth.vk.com/authorize
      tokenName: code
      authenticationScheme: query
      clientAuthenticationScheme: form
      grant-type: authorization_code
    resource:
      userInfoUri: https://api.vk.com/method/users.get
The only problem I faced was providing the correct token name and userInfoUri to retrieve the logged-in user's info.
As for the token name, it is the name of the authorization code you get after passing authorization (response_type=token name, which is called code in my case) and use to get the access token.
Hope it will be helpful to people who face the same problem.

Spring Boot oauth2: How to set the resource parameter in the authorization request to make adfs happy?

I'm trying to set up a spring boot app that uses oauth2 with Active Directory Federation Services as the authentication provider. I started with the tutorial here...
https://spring.io/guides/tutorials/spring-boot-oauth2/
... and got the facebook example to work. Then, I started adapting it to work with ADFS. It is close to working, but ADFS expects a resource parameter to be passed with the authorization request and I can't figure out how to set it. Here's what I've got so far in the config...
security:
  oauth2:
    client:
      clientId: spring-boot-test-client
      userAuthorizationUri: https://domain/adfs/oauth2/authorize
      access-token-uri: https://domain/adfs/oauth2/token
      tokenName: code
      authenticationScheme: query
      clientAuthenticationScheme: form
      grant-type: authorization_code
When I click the login link, it redirects to https://domain/adfs/oauth2/authorize?client_id=spring-boot-test-client&redirect_uri=http://localhost:8080/login&response_type=code&state=rjzfyZ
I've tried setting the security:oauth2:client:id, the security:oauth2:client:resourceids and the security:oauth2:resource:id, but none of those seemed to affect the first redirect. Any idea what I should set to get the resource included in that first redirect?
Answering my own question here... It may be a hack, but I just appended the resource to the userAuthorizationUri
security:
  oauth2:
    client:
      clientId: spring-boot-test-client
      userAuthorizationUri: https://domain/adfs/oauth2/authorize?resource=RelyingPartyTrustIdentifier
      access-token-uri: https://domain/adfs/oauth2/token
      tokenName: code
      authenticationScheme: query
      clientAuthenticationScheme: form
      grant-type: authorization_code
Now, I'm getting the login form.
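An added Python example (not code from the post or from Spring) of the first redirect shown above: it composes the authorization URL so that a query string already present on userAuthorizationUri, such as the resource parameter the answer appends, is kept and joined with the standard parameters, and it checks the callback's state and redirect URI before the code is exchanged. The function names and the sample state value are constructed here.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

def build_authorization_url(user_authorization_uri, client_id, redirect_uri, state,
                            response_type="code", extra=None):
    """Compose the first redirect. Any query already on user_authorization_uri
    (e.g. the 'resource=' appended in the answer above) is parsed and kept, and
    the standard parameters are added to it, so there is never a second '?'."""
    parts = urlsplit(user_authorization_uri)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    params.update({"client_id": client_id, "redirect_uri": redirect_uri,
                   "response_type": response_type, "state": state})
    params.update(extra or {})  # e.g. {"resource": "..."} when not baked into the URI
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(params), ""))

def query_params(url):
    """Decode a URL's query string into a dict (inverse of the encoding above)."""
    return dict(parse_qsl(urlsplit(url).query))

def validate_callback(callback_url, expected_state, registered_redirect_uri):
    """Check the provider's redirect back to the login endpoint before exchanging
    the code: it must land on the registered redirect URI, a returned error must
    not be ignored, and state must equal the value we sent (binds the callback to
    the session that started the flow). Returns the authorization code."""
    base = callback_url.split("?", 1)[0]
    if base != registered_redirect_uri:
        raise ValueError("callback arrived on an unexpected URI")
    q = query_params(callback_url)
    if "error" in q:
        raise ValueError(f"provider returned error: {q['error']}")
    if q.get("state") != expected_state:
        raise ValueError("state mismatch: callback was not initiated by this session")
    if not q.get("code"):
        raise ValueError("no authorization code in callback")
    return q["code"]
```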

spring boot oauth2 properties

I'm trying to build an app that implements Google OAuth2 authentication with Spring Boot. I'm following this tutorial from the official Spring web page. I have trouble figuring out what configuration I need to connect with Google. This is the one that is used to connect with Facebook (yml format):
security:
  oauth2:
    client:
      clientId: 233668646673605
      clientSecret: 33b17e044ee6a4fa383f46ec6e28ea1d
      accessTokenUri: https://graph.facebook.com/oauth/access_token
      userAuthorizationUri: https://www.facebook.com/dialog/oauth
      tokenName: oauth_token
      authenticationScheme: query
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://graph.facebook.com/me
I already have my clientId and clientSecret from the Google API console (I also configured my redirect URL), but I have no idea where the rest of the properties come from. I'm aware that there is a Java API to authenticate with Google, but I would prefer to do it with Spring tools if possible.
I would appreciate it if someone could point me in the right direction.
Thanks in advance.
Finally I figured out where they are. In the Google API console, after creating your app, go to edit your app credentials and click on download JSON. All that is needed is there. In my case it is like this.
security:
  oauth2:
    client:
      clientId: MY_CLIENTID
      clientSecret: MY_SECRET
      accessTokenUri: https://accounts.google.com/o/oauth2/token
      userAuthorizationUri: https://accounts.google.com/o/oauth2/auth
      tokenName: oauth_token
      authenticationScheme: query
      clientAuthenticationScheme: form
      scope: email
    resource:
      userInfoUri: https://www.googleapis.com/plus/v1/people/me
Note that you also need to specify a scope property to make the authentication API happy (yeah!!)