Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is there working example of OAuth2 with WebFlux

I'm trying to add OAuth2 to WebFlux and can't find any working example.

To Implement own Authorization Server I use such code:

@EnableAuthorizationServer
@Configuration
public class ServerAuth extends AuthorizationServerConfigurerAdapter {
...
}

And my spring boot application stops working because inside AuthorizationServerConfigurerAdapter class there's usage of AuthorizationServerSecurityConfigurer which depends of javax.servlet.Filter but in the WebFlux application, there're no Servlet filters.

Also AuthorizationServerEndpointsConfigurer expects to be initialized with UserDetailsService (old non reactive api) not reactive UserDetailsRepository

Is it possible to use oauth2 in the current WebFlux application if yes could you show the example.

Thanks

like image 498
Max Grigoriev Avatar asked Oct 17 '17 20:10

Max Grigoriev


People also ask

What is OAuth2 example?

OAuth 2.0 allows users to share specific data with an application while keeping their usernames, passwords, and other information private. For example, an application can use OAuth 2.0 to obtain permission from users to store files in their Google Drives. This OAuth 2.0 flow is called the implicit grant flow.

How does OAuth2 2.0 work in spring boot?

Spring Security OAuth2 − Implements the OAUTH2 structure to enable the Authorization Server and Resource Server. Spring Security JWT − Generates the JWT Token for Web security. Spring Boot Starter JDBC − Accesses the database to ensure the user is available or not. Spring Boot Starter Web − Writes HTTP endpoints.

Does spring boot support OAuth2?

springframework. boot:spring-boot-starter-oauth2-client . This includes Spring Security's OAuth 2.0 Client support and provides Spring Boot auto-configuration to set up OAuth2/Open ID Connect clients. You can read about how to configure client in the Spring Boot reference documentation.

How will you implement OAuth2 in spring boot Microservices?

User login into the system using basic authorization and login credentials. User will got token if user basic auth and login credentials is matched. Next, user send request to access data from service. the API gateway recive the request and check with authorization server.


1 Answers

Authorization server webflux support is yet to be implemented by the spring security team.

currently they have the resource server webflux support as the other answers mentioned. However, they mention here that they are working on Authorization server and based on this, it should be out soon:

The OAuth 2.0 support is currently underway in Spring Security 5 with new Client support. The plan is to also provide support for Resource Server by mid-2018 and Authorization Server by the end of 2018 or early 2019. Our goal is to provide extensive support for OAuth 2.0 Core and Extensions, OpenID Connect 1.0, and Javascript Object Signing and Encryption (JOSE).

source: https://spring.io/blog/2018/01/30/next-generation-oauth-2-0-support-with-spring-security

so for now we are stuck with the servlet OAuth2 server which if you use JWT tokens should be good enough if you ask me.

Cheers!

like image 107
Bashar Ali Labadi Avatar answered Sep 24 '22 08:09

Bashar Ali Labadi