Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Provide Cookie implementation of AuthorizationRequestRepository
See original GitHub issueWe should consider providing a Cookie based implementation of AuthorizationRequestRepository.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:50
- Comments:17 (9 by maintainers)
Top Results From Across the Web
Spring Security 5 Stateless OAuth2 Login - how to implement ...
Spring Security 5 Stateless OAuth2 Login - how to implement cookies based AuthorizationRequestRepository · Ask Question. Asked 4 years, 9 months ...
Read more >Stateless OAuth2 Social Logins with Spring Boot - Jessy
This can be done by providing a custom implementation of AuthorizationRequestRepository<OAuth2AuthorizationRequest> , like so:
Read more >31. OAuth 2.0 Login — Advanced Configuration - Spring
If you would like to provide a custom implementation of AuthorizationRequestRepository that stores the attributes of OAuth2AuthorizationRequest in a Cookie ...
Read more >spring-projects/spring-security-oauth - Gitter
I'd like to provide both an authorization server and rest api from the same ... use custom AuthorizationRequestRepository implementation that uses cookies ......
Read more >Develop a REST-Service Secured With OAuth2, Bitbucket and ...
Cookie -based authorization works like this: A user is logged in by providing credentials. A server creates HTTP-session and associates it with ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Sure the reason is microservices applications, today the best way of handling this type of apps is making them stateless so any app can respond to any request.
The authorization can be easily saved and restored from a jwt cookie thats better than having a session because for sessions I need an extra component like a redis cache, that means more infrastructure, more points of failure and the posiblility of conflicts between sessions, problems that could be easily solved by replacing a couple lines of code.
Also that allows me to link an external frontend more easily just by passing the jwt cookie that is a standard in the industry.
I would love to help I was looking at the example of @naturalprogrammer in this links: link 1, link 2 but found out that storing the OAuth2AuthorizationRequest is not enough and I would prefer to do the implementation with a jwt cookie saving and restoring the security context, haven’t got till there yet.
This feature will not be implemented for the reasons mentioned in this comment. If an application requires this, it would be fairly trivial to implement a custom
AuthorizationRequestRepository, please see gh-8621.