-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refresh Token in tut-spring-security-and-angular-js/oauth2-vanilla/ #140
Comments
This used to work. There was a change in Spring Boot (1.4 I think) where it stopped creating an @Bean
protected OAuth2RestTemplate OAuth2RestTemplate(
OAuth2ProtectedResourceDetails resource, OAuth2ClientContext context) {
return new OAuth2RestTemplate(resource, context);
} then it gets injected into the |
@dsyer I can't solve the problem by adding above snippet. I'm currently using with spring-boot version 1.5.4.RELAEASE . The error log was ....
I'm working with JDBC TokenStore with |
How didn't you test it? Where did the log come from? |
I also recently tried the solution above that creates the I'm not very familiar with the logic of Spring OAuth2, but I did debug down to We are using our own custom |
@dsyer
When restarting my Oatuh2 server on my development environment with H2 JDBCTokenStore. I'm running a SPA behind Zuul, where Zuul ist the SSOClient. On my SPA I only get the 401 response and I'm not able to clear the JSESSIONID as it's http only. So I need a way that Zuul is redirecting me to the login page or is obtaining a new token. I tried to add the Oauth2RestTemplate mentioned above, without success. |
@HJK181 that's a JWT token so the JDBCTokenStore won't help you. Probably better to ask a question on Stack Overflow (this issue is closed and doesn't seem particularly relevant). |
May I ask you one last question here? Isn't it possible to use a JDBCTokenStore with JWT? I have the following Oauth2 configuration:
For me it seems to work fine, I also checked the OAUTH_ACCESS_TOKEN and OAUTH_REFRESH_TOKEN tables which contain proper tokens (I assume from the Zuul SSOClient?). However the exception is printing a JWT as you said. Do I mix something up? Thanks in advance. |
I suppose there's nothing stopping you from storing a JWT in a database. But why would you do that? Anyway, this is not the right forum to be discussing it. |
@lthomassin Is this issue solved? If yes, how? |
Dear all,
I have question regarding the code of this tutorial tut-spring-security-and-angular-js/oauth2-vanilla/
If in the file application.properties of the project authserver I add these lines:
security.oauth2.client.accessTokenValiditySeconds: 10
security.oauth2.client.refreshTokenValiditySeconds: 60
security.oauth2.client.supportRefreshToken: true
After a normal login. I perform some browser refresh during 10 seconds. I have the normal "Hello World" message but after the token expiration, I have an HTTP 401 error. It's seems the refreshToken is not used by the zuul gateway to obtain a new access token.
If it's possible to do that direclty with the zuul gateway?
Thanks for your help.
The text was updated successfully, but these errors were encountered: