https://github.com/patternknife/spring-security-oauth2-password-jpa-implementation
Complete separation of the library (API) and the client for testing it
io.github.patternknife.securityhelper.oauth2.api
spring-security-oauth2-password-jpa-implementation
2.4.0
- Set up the same access & refresh token APIs on both /oauth2/token and on our controller layer, such as /api/v1/traditional-oauth/token. Both function the same way and have the same request & response payloads for success and errors.
  - As you are aware, the API /oauth2/token is what "spring-authorization-server" provides.
  - /api/v1/traditional-oauth/token is what this library implements manually.
Success Payload

```json
{
  "access_token": "Vd4x8D4lDg7VBFh...",
  "token_type": "Bearer",
  "refresh_token": "m3UgLrvPtXKdy7jiD...",
  "expires_in": 3469,
  "scope": "read write"
}
```
Error Payload

```json
{
  "timestamp": 1719470948370,
  "message": "Couldn't find the client ID : client_admin",
  "details": "uri=/oauth2/token",
  "userMessage": "Authentication failed. Please check your credentials.",
  "userValidationMessage": null
}
```

- In the error payload above, 'message' carries sensitive information (here, text thrown from a stack trace) and shouldn't be exposed to clients; 'userMessage' should be returned instead.
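The split between the two fields, as an added example that is not this library's own exception handler: a plain Java class that builds the error payload shown above in a leaky form (exception text copied into 'message') and in a hardened form (exception text written to the server log only, client gets the generic 'userMessage' plus a correlation id so support staff can find the log entry). The class name, the correlation-id suffix, the java.util.logging sink and the sample exception are assumptions made for this example; the library renders its own payload through its own handler.

```java
import java.util.UUID;
import java.util.logging.Logger;

/**
 * Added example (not the library's own code): builds the README's error payload
 * so that the internal exception text stays server-side while the client only
 * receives the generic userMessage.
 */
public class AuthErrorPayloadExample {

    private static final Logger LOG = Logger.getLogger(AuthErrorPayloadExample.class.getName());

    /** Same five fields as the error payload on the page; 'message' may be null. */
    public record AuthErrorPayload(long timestamp, String message, String details,
                                   String userMessage, String userValidationMessage) {

        /** Minimal JSON rendering so the example runs without a JSON library. */
        public String toJson() {
            return "{\n"
                + "  \"timestamp\": " + timestamp + ",\n"
                + "  \"message\": " + quote(message) + ",\n"
                + "  \"details\": " + quote(details) + ",\n"
                + "  \"userMessage\": " + quote(userMessage) + ",\n"
                + "  \"userValidationMessage\": " + quote(userValidationMessage) + "\n"
                + "}";
        }

        private static String quote(String s) {
            if (s == null) return "null";
            return "\"" + s.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
        }
    }

    /** Leaky variant: the exception text ("Couldn't find the client ID ...") goes to the client. */
    public static AuthErrorPayload leaky(Exception ex, String requestUri) {
        return new AuthErrorPayload(System.currentTimeMillis(), ex.getMessage(),
                "uri=" + requestUri, "Authentication failed. Please check your credentials.", null);
    }

    /**
     * Hardened variant: the exception class and text are logged under a correlation id,
     * 'message' is left null, and the client learns only that authentication failed.
     * An attacker can no longer tell from the response whether the client id or the
     * user credentials were the part that failed.
     */
    public static AuthErrorPayload hardened(Exception ex, String requestUri) {
        String correlationId = UUID.randomUUID().toString(); // assumption: how the log entry is referenced
        LOG.warning(() -> "auth failure " + correlationId + " on " + requestUri + ": "
                + ex.getClass().getSimpleName() + ": " + ex.getMessage());
        return new AuthErrorPayload(System.currentTimeMillis(), null, "uri=" + requestUri,
                "Authentication failed. Please check your credentials. (ref " + correlationId + ")", null);
    }

    public static void main(String[] args) {
        // Constructed exception carrying the message shown in the README's error payload.
        Exception ex = new IllegalArgumentException("Couldn't find the client ID : client_admin");
        System.out.println("leaky:\n" + leaky(ex, "/oauth2/token").toJson());
        System.out.println("hardened:\n" + hardened(ex, "/oauth2/token").toJson());
    }
}
```

Run it with `java AuthErrorPayloadExample.java` (Java 16 or later, for records). The correlation id is a design choice rather than part of the page's payload: it keeps the client-facing text generic while still letting an operator match a user's report to the warning line that holds the real cause.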
- Authentication management based on a combination of username, client ID, and App-Token. What is an App-Token? An App-Token is a new access token generated each time the same account logs in; if the App-Token values are the same, the same access token is shared.
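The App-Token lookup described above, as an added example that is not the library's own implementation: an in-memory store keyed on (username, client ID, App-Token) that returns the existing access token when a login repeats with the same App-Token and mints a fresh one when the App-Token differs or the stored token has expired. The class, method names, validity period and sample values are assumptions for this example; the library keeps its tokens in the oauth_access_token table rather than a map.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Added example (not the library's own code): access tokens shared per
 * (username, clientId, appToken) and rotated when that triple is new or expired.
 */
public class AppTokenAccessTokenStore {

    /** One login is identified by the user, the client and the App-Token it presented. */
    public record TokenKey(String username, String clientId, String appToken) {}

    public record IssuedToken(String accessToken, Instant expiresAt) {
        boolean isExpired(Instant now) { return !now.isBefore(expiresAt); }
    }

    private final Map<TokenKey, IssuedToken> tokens = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration validity;

    public AppTokenAccessTokenStore(Duration validity) {
        this.validity = validity;
    }

    /** Returns the token already issued for this triple, or issues a new one if none is usable. */
    public IssuedToken issue(String username, String clientId, String appToken, Instant now) {
        TokenKey key = new TokenKey(username, clientId, appToken);
        // compute() is atomic per key, so two concurrent logins with the same triple share one token.
        return tokens.compute(key, (k, existing) ->
                existing == null || existing.isExpired(now) ? newToken(now) : existing);
    }

    /** Logout for one App-Token only; other logins of the same account keep their tokens. */
    public boolean revoke(String username, String clientId, String appToken) {
        return tokens.remove(new TokenKey(username, clientId, appToken)) != null;
    }

    private IssuedToken newToken(Instant now) {
        byte[] bytes = new byte[32]; // 256 bits from a CSPRNG, URL-safe like the sample payload
        random.nextBytes(bytes);
        String value = Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
        return new IssuedToken(value, now.plus(validity));
    }

    public static void main(String[] args) {
        AppTokenAccessTokenStore store = new AppTokenAccessTokenStore(Duration.ofHours(1));
        Instant now = Instant.now();

        // Constructed values: same account and client, logging in twice with the same App-Token.
        IssuedToken first = store.issue("alice", "client_customer", "app-token-1", now);
        IssuedToken again = store.issue("alice", "client_customer", "app-token-1", now);
        System.out.println("same App-Token shares the access token: "
                + first.accessToken().equals(again.accessToken()));

        // A second login that presents a different App-Token gets its own access token.
        IssuedToken other = store.issue("alice", "client_customer", "app-token-2", now);
        System.out.println("different App-Token gets a new access token: "
                + !first.accessToken().equals(other.accessToken()));

        // Once the stored token has expired it is replaced instead of being handed out again.
        IssuedToken later = store.issue("alice", "client_customer", "app-token-1",
                now.plus(Duration.ofHours(2)));
        System.out.println("expired token is rotated: "
                + !first.accessToken().equals(later.accessToken()));

        // Revoking one App-Token leaves the other login untouched.
        store.revoke("alice", "client_customer", "app-token-1");
        IssuedToken otherStill = store.issue("alice", "client_customer", "app-token-2", now);
        System.out.println("other login unaffected by revocation: "
                + other.accessToken().equals(otherStill.accessToken()));
    }
}
```

Run it with `java AppTokenAccessTokenStore.java` (Java 16 or later). Refresh tokens are left out on purpose; the point is the sharing rule, namely that the triple is the identity of a login, so revocation and expiry act on one login rather than on every session of the account.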
- Separate UserDetails implementations for the Admin and Customer roles, as an example. (This can be extended as desired by implementing UserDetailsServiceFactory.)
- Provides MySQL DDL consisting of oauth_access_token, oauth_refresh_token and oauth_client_details, which are the tables of Spring Security 5. As I intend to migrate the current security system to Security 6, I haven't changed them to the authorization tables indicated in https://github.com/spring-projects/spring-authorization-server.
- Application of Spring REST Docs