-
Notifications
You must be signed in to change notification settings - Fork 58
How to Create Multiple Token endpoints #115
Comments
On a quick glance, at points you are using /customers and others you are using /customer instead. Should it be singular or plural? |
I changed them all to /customers but I'm now redirected to login page |
That makes sense considering your static rule: It is trying to fully authenticate you, meaning you have to login each time you want to access the page. |
But I'm sending all the required params for authentication.So it is supposed to login and return a token not showing the login page. |
Take a look at the documentation for the static rules and the filter map configuration. I'm on my phone at the moment and can't pull it up, but double check your config against it. |
It really depends on the filter chain configuration, since it may be the wrong filter (not the oauth one) that is used to attempt your login. See the documentation here: http://bluesliverx.github.io/grails-spring-security-oauth2-provider/v2/guide/gettingStarted.html#secureEndpoints, especially sections 2.3 and 2.7. 2.3 shows that you need the /oauth/token.dispatch endpoint protected (I would try this first and then /customers/oauth/token.dispatch, I don't remember if the URL matters here but I think it doesn't). 2.7 shows the |
Thanks Brian, grails.plugin.springsecurity.controllerAnnotations.staticRules = [
] grails.plugin.springsecurity.filterChain.chainMap = [ ] I had also this in the plugin url mappings file Any idea how to solve this? |
@ferasodh Can you provide a simple application that demonstrates this problem? |
I'm closing this since we are moving to a new project (https://github.com/grails-plugins/grails-spring-security-oauth2-provider). If this is still an issue, please open a new issue there. |
Hello,
I have 2 separate objects (SystemUser, Customer) in my application and system user can be a customer. I would like to create a separate token end point for each object type. Currently, this is not supported by spring security core so I created a plugin for customer token endpoint. In this plugin I setup both spring security and oauth provider. I changed endpoint path as described in the docs. Here is my config:
` grails.plugin.springsecurity.controllerAnnotations.staticRules = [
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'Customer'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'UserRole'
grails.plugin.springsecurity.authority.className = 'Role'
grails.plugin.springsecurity.oauthProvider.tokenServices.tokenEnhancerBeanNames = ['userDetailsTokenEnhancer']
grails.plugin.springsecurity.oauthProvider.tokenServices.accessTokenValiditySeconds=60
grails.plugin.springsecurity.oauthProvider.tokenServices.refreshTokenValiditySeconds=120
grails.plugin.springsecurity.oauthProvider.defaultClientConfig.accessTokenValiditySeconds=60
grails.plugin.springsecurity.oauthProvider.defaultClientConfig.refreshTokenValiditySeconds=120
// Added by the Spring Security OAuth2 Provider plugin:
grails.plugin.springsecurity.oauthProvider.clientLookup.className = 'Client'
grails.plugin.springsecurity.oauthProvider.authorizationCodeLookup.className = 'AuthorizationCode'
grails.plugin.springsecurity.oauthProvider.accessTokenLookup.className = 'AccessToken'
grails.plugin.springsecurity.oauthProvider.refreshTokenLookup.className = 'RefreshToken'
grails.plugin.springsecurity.oauthProvider.tokenEndpointUrl='/customer/oauth/token'
and I added the following section to my application spring security section:
'/customers/oauth/**':['permitAll'],`Both my application and customer plugin uses a shared domain plugin. The problem is that when I requested /customer/oauth/token I get 404 error any clue how to solve this?
Thanks,
Feras
The text was updated successfully, but these errors were encountered: