I'm working with a Spring Boot + Spring Security OAuth2 application that I believe was inspired by examples from Dave Syer. The application is configured to be an OAuth2 authorization server, with a single public client using the Resource Owner Password Credentials flow. A successful token is configured to be a JWT.
The public Angular client sends a POST request to /oauth/token with a basic auth header containing the client id and secret (this was the easiest way to get the client to authenticate, even though the secret is not private). The body of the request contains username, password, and grant type of "password".
In addition to being an authentication server, the application is a RESTful resource server for users, teams, and organizations.
I'm trying to add an additional SSO authentication flow using Spring Social. I've got Spring Social configured to authenticate through external providers via /auth/[provider]; however, following requests no longer have the SecurityContext correctly set. Possibly, Spring Security OAuth server or client is overriding the SecurityContext?
If I can get the SecurityContext correctly set after the Spring Social flow, I've got a new TokenGranter that allows a new grant type of "social" that would check the SecurityContextHolder for the pre authenticated user.
I'm interested in both a solution to my specific problem with the SecurityContext (I believe it's an issue with Spring OAuth + Social integration), or a different approach for authenticating with external providers and getting a valid JWT from our own auth server.
Thanks!
Best Answer
I had a similar problem on a JHipster-generated web application. Finally I decided to go with the
SocialAuthenticationFilter
option from Spring Social (via theSpringSocialConfigurer
). After a successful social login, the server automatically generates and returns the "own" access token via redirection to the client app.Here's my try:
And the
SocialAuthenticationSuccessHandler
class:This way your client app will receive your web app's access token via redirection to
/#/login?access_token=my_access_token&expires_in=seconds_to_expiration
, as long as you set the correspondingREDIRECT_PATH_BASE
inSocialAuthenticationSuccessHandler
.I hope it helps.