Spring Boot OAuth2 - Remember given Authorization
Question
i'm currently working on a OAuth2 Authorization Server using Spring Boot and the Spring Security OAuth2 Autoconfigure library.
Everything works so far except the fact that I need to authorize the client every time to access my protected resources. Is there any way to suppress the prompt or remember that i've already authorized the client? Adding &prompt=none to the request params of my URL didn't work as expected.
I already tried to add a custom AuthorizationRequestResolver and adding prompt=none to every request, but that didn't work also.
Thank you in advance.
1 answers
solution1
0 2022-08-04 03:37:50
Usually after you are authorized by the authorization server, as a result you get an access token. The resource server verifies against the access token to determine your client has the right to retrieve the requested resources.
With this background, one possible case is that:
Your client doesn't store the access token. So that everytime it hits the resource server, the resource server redirects the client to the authorization server to get the access token.
A solution of this is your client can store the access token. For the subsequent requests to the resources server, the access token has to be provided in an expected way. (like Aurthorization request header)
You may also find storing a refresh token is useful. Since there is no much background about your client app, cannot give a concrete recommendation for you.
If this is the case, you can log your outgoing request from the client to the resources server, you will see the access token missing in your request.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.