
Can I retrieve the Access Token from Spring Security Oauth?

Context: I'm trying to play with Google playlists, just list them for now

curl \
  'https://www.googleapis.com/youtube/v3/playlists?part=snippet%2CcontentDetails&maxResults=25&mine=true&key=[YOUR_API_KEY]' \
  --header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
  --header 'Accept: application/json' \
  --compressed

So I've got Google login set up with Spring Boot 2.1.6, as follows (it works):

spring.security.oauth2.client.registration.google.client-id=...
spring.security.oauth2.client.registration.google.client-secret=...
spring.security.oauth2.client.registration.google.redirect-uri=http://localhost:8080/login/oauth2/code/google
spring.security.oauth2.client.provider.google.token-uri=https://oauth2.googleapis.com/token
spring.security.oauth2.client.provider.google.authorization-uri=https://accounts.google.com/o/oauth2/v2/auth
spring.security.oauth2.client.provider.google.user-info-uri=https://openidconnect.googleapis.com/v1/userinfo
spring.security.oauth2.client.provider.google.jwk-set-uri=https://www.googleapis.com/oauth2/v3/certs
spring.security.oauth2.client.provider.google.issuer-uri=https://accounts.google.com
spring.security.oauth2.client.registration.google.scope=profile,https://www.googleapis.com/auth/youtube

According to the Google docs I should get an access/authorization token back during the requests Spring makes. How can I retrieve this token so I can make further calls to APIs such as YouTube?

xenoterracide asked Jul 02 '19 01:07



2 Answers

from @jgrandja https://github.com/spring-projects/spring-security/issues/7088#issuecomment-511820737

No, it doesn't get wiped out. You can retrieve the OAuth2AuthorizedClient via the OAuth2AuthorizedClientRepository or OAuth2AuthorizedClientService. The OAuth2AuthorizedClient contains the OAuth2AccessToken and optional OAuth2RefreshToken. See the ref doc for further info.

Also, a more convenient way of obtaining the OAuth2AuthorizedClient is via @RegisteredOAuth2AuthorizedClient.

I encourage you to read the ref doc as there is quite a bit of info there that will likely answer your questions.

  • OAuth 2.0 Client
  • OAuth 2.0 Login
xenoterracide answered Sep 28 '22 01:09


If Spring Security is configured for an OAuth 2.0 Login, the OAuth2LoginAuthenticationFilter uses HttpSessionOAuth2AuthorizedClientRepository (by default) to store the authenticated user in the session. Although the Authentication object (OAuth2AuthenticationToken) unfortunately does not have the raw token, you should be able to extract it from the client that's been saved in the session:

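import java.util.Map;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository;

// Session attribute under which the repository keeps its authorized clients
String attributeName = HttpSessionOAuth2AuthorizedClientRepository.class.getName()
                           +  ".AUTHORIZED_CLIENTS";

// getAttribute() returns Object, so the map needs an explicit (unchecked) cast;
// request is the current HttpServletRequest
@SuppressWarnings("unchecked")
Map<String, OAuth2AuthorizedClient> authorizedClients =
        (Map<String, OAuth2AuthorizedClient>) request.getSession().getAttribute(attributeName);

// The map is keyed by client registration id
OAuth2AuthorizedClient client = authorizedClients.get("google");

String token = client.getAccessToken().getTokenValue();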

Although this should work, it is very brittle. Hopefully there's another solution that doesn't involve swapping in custom implementations into the security framework.

NatFar answered Sep 28 '22 03:09
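
The @RegisteredOAuth2AuthorizedClient route named in the first answer, applied to the playlists call from the question, as an added example that is not from either answer or from the Spring Security project; it replaces the session-attribute lookup in the second answer. The controller name, the /playlists path and leaving out the key query parameter are assumptions.

```java
import java.net.URI;
import java.time.Instant;
import java.util.Collections;
import org.springframework.http.*;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.server.ResponseStatusException;

// Hypothetical controller: name and request path are illustrative, not from the page.
@RestController
public class PlaylistController {

    // Endpoint from the question's curl call; the key parameter is left out (assumption).
    private static final URI PLAYLISTS_URI = URI.create(
            "https://www.googleapis.com/youtube/v3/playlists?part=snippet,contentDetails&maxResults=25&mine=true");

    private final RestTemplate restTemplate = new RestTemplate();

    @GetMapping("/playlists")
    public ResponseEntity<String> playlists(
            @RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient client) {

        OAuth2AccessToken accessToken = client.getAccessToken();

        // This example does no refresh of its own: an expired token is rejected, not sent.
        Instant expiresAt = accessToken.getExpiresAt();
        if (expiresAt != null && expiresAt.isBefore(Instant.now())) {
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Google access token expired");
        }

        HttpHeaders headers = new HttpHeaders();
        headers.setBearerAuth(accessToken.getTokenValue()); // Authorization: Bearer <token>
        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));

        // The token stays server-side: it is not logged and not returned to the browser.
        ResponseEntity<String> upstream = restTemplate.exchange(
                PLAYLISTS_URI, HttpMethod.GET, new HttpEntity<>(headers), String.class);
        return ResponseEntity.status(upstream.getStatusCode())
                .contentType(MediaType.APPLICATION_JSON)
                .body(upstream.getBody());
    }
}
```

The "google" value is the registration id from the spring.security.oauth2.client.registration.google.* properties in the question.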