Add configuration support for Opaque Token authentication
In Spring Security 5.2.0.M2, users can configure the OAuth 2.0 Resource Server to validate opaque tokens through Introspection:
    http
        .oauth2ResourceServer()
            .opaqueToken();
It would be nice if this could be property-driven, e.g.:
    spring:
      security:
        oauth2:
          resourceserver:
            opaque-token:
              introspection-uri: https://endpoint
              client-id: client_id
              client-secret: client_secret
Then, Spring Boot could register an instance of OAuth2TokenIntrospectionClient:
    @Bean
    public OAuth2TokenIntrospectionClient introspectionClient() {
        return new NimbusOAuth2TokenIntrospectionClient(uri, clientId, clientSecret);
    }
Note that this configuration is only valid if OAuth2IntrospectionAuthenticationToken is on the classpath.
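One way to do the property binding requested above in application code, as an added example that is not Spring Boot's or the issue author's code. The class names OpaqueTokenIntrospectionConfiguration and OpaqueTokenProperties are hypothetical, the Spring Security package names are assumed from the 5.2.0 milestones, and the non-empty and https checks are choices of this example.

```java
// Added example: binds spring.security.oauth2.resourceserver.opaque-token.* and registers the client.
// Assumption: Spring Security type packages as in the 5.2.0 milestones.
import java.net.URI;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.server.resource.authentication.OAuth2IntrospectionAuthenticationToken;
import org.springframework.security.oauth2.server.resource.introspection.NimbusOAuth2TokenIntrospectionClient;
import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
import org.springframework.util.Assert;

@Configuration
@ConditionalOnClass(OAuth2IntrospectionAuthenticationToken.class) // only valid with this type present
@ConditionalOnProperty("spring.security.oauth2.resourceserver.opaque-token.introspection-uri")
@EnableConfigurationProperties(OpaqueTokenIntrospectionConfiguration.OpaqueTokenProperties.class)
public class OpaqueTokenIntrospectionConfiguration {

    @Bean
    @ConditionalOnMissingBean // back off if the application defines its own client
    public OAuth2TokenIntrospectionClient introspectionClient(OpaqueTokenProperties p) {
        Assert.hasText(p.getClientId(), "opaque-token.client-id must be set");
        Assert.hasText(p.getClientSecret(), "opaque-token.client-secret must be set");
        // The client credentials are sent to this endpoint on every introspection call.
        Assert.isTrue("https".equalsIgnoreCase(URI.create(p.getIntrospectionUri()).getScheme()),
                "opaque-token.introspection-uri must use https");
        return new NimbusOAuth2TokenIntrospectionClient(
                p.getIntrospectionUri(), p.getClientId(), p.getClientSecret());
    }

    @ConfigurationProperties(prefix = "spring.security.oauth2.resourceserver.opaque-token")
    public static class OpaqueTokenProperties {
        private String introspectionUri;
        private String clientId;
        private String clientSecret;
        public String getIntrospectionUri() { return introspectionUri; }
        public void setIntrospectionUri(String introspectionUri) { this.introspectionUri = introspectionUri; }
        public String getClientId() { return clientId; }
        public void setClientId(String clientId) { this.clientId = clientId; }
        public String getClientSecret() { return clientSecret; }
        public void setClientSecret(String clientSecret) { this.clientSecret = clientSecret; }
    }
}
```

With this binding the secret can be kept out of the checked-in YAML by using a property placeholder such as `client-secret: ${INTROSPECTION_CLIENT_SECRET}` (the variable name is a placeholder) and supplying the value from the environment.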
Issue Analytics
- State:
- Created 5 years ago
- Comments:12 (11 by maintainers)
@jzheaux mentioned that they’re looking at finding a new home for client id and secret. I’ll mark this one as blocked till then.
That makes sense to me. I’ve unblocked the issue.