
Token exchange in spring oauth2 client credentials flow

I have following spring security configuration:

  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: ${issuer-uri-of-identity}
      client:
        registration:
          some-app:
            client-id: ${qwerty.server.client.client-id}
            client-secret: ${qwerty.server.client.client-secret}
            scope: ${qwerty.server.client.some-app-scope}
            authorization-grant-type: client_credentials
            provider: qwerty

qwerty:
  server:
    max-clock-skew: 60
    url: ....
    scope: my-scope
    client:
      client-id: ...
      client-secret: ....
      some-app-scope: my-ticket-scope

And following configuration is used:

    import java.util.Arrays;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.web.client.RestTemplateBuilder;
    import org.springframework.context.annotation.Bean;
    import org.springframework.http.client.ClientHttpRequestInterceptor;
    import org.springframework.security.authentication.AnonymousAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.authority.AuthorityUtils;
    import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
    import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
    import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
    import org.springframework.util.Assert;
    import org.springframework.web.client.RestTemplate;

    // client_credentials needs no real user, so an anonymous principal is used as the
    // key under which the OAuth2AuthorizedClientManager caches the authorized client.
    private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(
            "anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
    ...
    // manager is the injected OAuth2AuthorizedClientManager; converter and
    // contentTypeInterceptor() are defined elsewhere in this configuration class.
    @Bean("someAppRestTemplate")
    @Autowired
    public RestTemplate buildRestTemplateForSomeApp(RestTemplateBuilder builder) {
        return builder
                .messageConverters(converter)
                .additionalInterceptors(Arrays.asList(contentTypeInterceptor(), oauthInterceptor("some-app")))
                .build();
    }
    ...
    // Obtains (or reuses) a client_credentials token for the given registration id
    // and sets it as the Bearer token on every outgoing request.
    private ClientHttpRequestInterceptor oauthInterceptor(String id) {
        return (request, body, execution) -> {
            OAuth2AuthorizedClient client = manager.authorize(
                    OAuth2AuthorizeRequest
                            .withClientRegistrationId(id)
                            .principal(ANONYMOUS_AUTHENTICATION)
                            .build()
            );
            Assert.notNull(client, "Can not access File Storage Service");
            request.getHeaders().setBearerAuth(client.getAccessToken().getTokenValue());
            return execution.execute(request, body);
        };
    }

Now I need to do impersonation, so I need to pretend to be some user. I need it because of the "current user" logic inside the some-app application.

How can I reconfigure to achieve it?

RFC 8693 Token Exchange was released in January 2020 and covers this feature. Spring Security as of now does not support this feature yet, but it should be released soon.

You can follow the open issue in Spring Security here:

Provide support for OAuth 2.0 Token Exchange for client

You can read more about the flow in general here: On-Behalf-Of flow.
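Until Spring Security ships token-exchange support, the exchange can be done by hand against the authorization server's token endpoint. The following interceptor is an added example and is not code from the question or from Spring Security. It replaces the client_credentials interceptor above: instead of fetching a token for the service itself, it takes the user's JWT that the resource-server configuration already validated on the current request and sends it as `subject_token` in an RFC 8693 request; the returned token is then used as the Bearer token for the some-app call. The token endpoint URL, the constructor parameters and the optional `actorTokenSupplier` are assumptions for illustration; the authorization server must also be configured to permit this client to exchange tokens.

```java
import java.io.IOException;
import java.util.Map;
import java.util.function.Supplier;

import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.MediaType;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

/**
 * Hypothetical example (not from the question or from Spring Security): performs an
 * RFC 8693 token exchange for the user of the current request and uses the result
 * as the Bearer token for the downstream call.
 */
public class TokenExchangeInterceptor implements ClientHttpRequestInterceptor {

    // Grant type and token type URIs defined in RFC 8693 (sections 2.1 and 3).
    static final String GRANT_TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange";
    static final String TYPE_ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token";

    private final RestTemplate tokenClient = new RestTemplate();
    private final String tokenEndpoint;           // assumed, e.g. https://idp.example/oauth2/token
    private final String clientId;
    private final String clientSecret;
    private final String scope;                   // scope wanted on the exchanged token
    private final Supplier<String> actorTokenSupplier; // null = impersonation, non-null = delegation

    public TokenExchangeInterceptor(String tokenEndpoint, String clientId, String clientSecret,
                                    String scope, Supplier<String> actorTokenSupplier) {
        this.tokenEndpoint = tokenEndpoint;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
        this.scope = scope;
        this.actorTokenSupplier = actorTokenSupplier;
    }

    @Override
    public ClientHttpResponse intercept(HttpRequest request, byte[] body,
                                        ClientHttpRequestExecution execution) throws IOException {
        // SecurityContextHolder is thread-local: this only works on the request thread.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (!(auth instanceof JwtAuthenticationToken)) {
            // No validated user JWT here: fail instead of quietly calling as the service.
            throw new IllegalStateException("Token exchange requires an authenticated user JWT");
        }
        String subjectToken = ((JwtAuthenticationToken) auth).getToken().getTokenValue();
        String actorToken = actorTokenSupplier == null ? null : actorTokenSupplier.get();
        request.getHeaders().setBearerAuth(exchange(subjectToken, actorToken));
        return execution.execute(request, body);
    }

    /** Sends the RFC 8693 request and returns the access token the server issued. */
    String exchange(String subjectToken, String actorToken) {
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", GRANT_TOKEN_EXCHANGE);
        form.add("subject_token", subjectToken);
        form.add("subject_token_type", TYPE_ACCESS_TOKEN);
        form.add("requested_token_type", TYPE_ACCESS_TOKEN);
        form.add("scope", scope);
        if (actorToken != null) {
            // Delegation: the issued token carries an "act" claim naming this service,
            // so some-app can distinguish "user via this service" from "user directly".
            form.add("actor_token", actorToken);
            form.add("actor_token_type", TYPE_ACCESS_TOKEN);
        }

        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.setBasicAuth(clientId, clientSecret); // client authentication at the token endpoint

        Map<?, ?> response = tokenClient.postForObject(
                tokenEndpoint, new HttpEntity<>(form, headers), Map.class);
        if (response == null || !(response.get("access_token") instanceof String)) {
            throw new IllegalStateException("Token endpoint returned no access_token");
        }
        // RFC 8693 section 2.2.1 requires issued_token_type; refuse anything unexpected
        // rather than putting, say, an id_token into an Authorization header.
        if (!TYPE_ACCESS_TOKEN.equals(response.get("issued_token_type"))) {
            throw new IllegalStateException(
                    "Unexpected issued_token_type: " + response.get("issued_token_type"));
        }
        return (String) response.get("access_token");
    }
}
```

In the question's `buildRestTemplateForSomeApp`, this replaces `oauthInterceptor("some-app")` in the `additionalInterceptors` list. Passing `null` as `actorTokenSupplier` gives plain impersonation (the exchanged token's subject is the user, with nothing recording that the service made the call); passing a supplier that returns the service's own client_credentials token, for instance the value obtained through the existing `manager.authorize(...)` call, gives delegation, which leaves an `act` claim that some-app's "current user" logic can check and log. Either way the exchanged token should be cached per user for its lifetime rather than requested on every call.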
