I am spring newbie
I've implemented OAuth2 implicit flow using spring security. The question is how to check token validity? I've found oauth/check_token
endpoint but first I wasn't able to reach it. Then I've made the following change:
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception
{
oauthServer.checkTokenAccess("permitAll()");
}
After the configuration I can use check_token
endpoint but I wonder if it is correct to use permitAll
on the endpoint. I've tried to change it to isAuthenticated
but in that case I am not able to reach the endpoint because I don't store client_secret on my frontend app.
Should I continue use permitAll
or there is better way?
You should check access while using oAuth.
Try below code if works,
@Override
public void configure(
AuthorizationServerSecurityConfigurer oauthServer)
throws Exception {
oauthServer
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");
}
If doesn't, please share your security related snippets. Happy coding :)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.