
Return OAuth Access Token in header or POST

I have a Spring OAuth2 server set up and it's working fine when the clients authenticate. The issue is that when the client is the browser, the access token is shown in the redirect URL in the address bar and the browser remembers it.

Is there a way for the Authentication server to send back the access token in a safer way while still redirecting?

The OAuth 2.0 Form Post Response Mode introduces a new transport mode for the access token response based on a form POST.

To use it, it has to be implemented in your authorization server and the query parameter response_mode with the value form_post has to be understood.

As far as I know, there is no specification related to a transport using a response header.
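
What an authorization server returns when response_mode=form_post is honoured, as an added example that is not part of the original answer and not Spring's own code: a 200 page with an auto-submitting form in place of the 302 redirect, so the token travels in the POST body rather than in the URL. The class and method names, the callback URL and the token values are constructed for illustration, and the redirect URI is assumed to have already been checked against the client's registration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class FormPostResponse {

    // HTML-escape a value before placing it inside a double-quoted attribute.
    static String esc(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Body of the 200 response the authorization server sends instead of a 302.
    // Assumption: redirectUri was already matched against the client's registration.
    static String renderBody(String redirectUri, Map<String, String> params) {
        StringBuilder html = new StringBuilder();
        html.append("<html><head><title>Submit This Form</title></head>\n");
        html.append("<body onload=\"javascript:document.forms[0].submit()\">\n");
        html.append("<form method=\"post\" action=\"").append(esc(redirectUri)).append("\">\n");
        for (Map.Entry<String, String> p : params.entrySet()) {
            html.append("<input type=\"hidden\" name=\"").append(esc(p.getKey()))
                .append("\" value=\"").append(esc(p.getValue())).append("\"/>\n");
        }
        html.append("</form>\n</body></html>\n");
        return html.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values; not real tokens or endpoints.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("access_token", "SAMPLE-ACCESS-TOKEN");
        params.put("token_type", "bearer");
        params.put("expires_in", "3600");
        // The client-supplied state is echoed back, so it must be escaped.
        params.put("state", "SAMPLE-STATE\"><x");

        String body = renderBody("https://client.example.org/callback", params);

        // Headers keep the token-bearing page out of browser and proxy caches.
        System.out.println("HTTP/1.1 200 OK");
        System.out.println("Content-Type: text/html;charset=UTF-8");
        System.out.println("Cache-Control: no-cache, no-store");
        System.out.println("Pragma: no-cache");
        System.out.println();
        System.out.print(body);
    }
}
```

The client's redirect endpoint then has to accept a POST with an application/x-www-form-urlencoded body and compare the returned state with the value it sent before using the token.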
