I am using JwtTokenStore in spring-security-oauth.
The issue I am facing is that I want to add support for revoking JWT tokens.
I know there are other options to handle this, but I am looking for this option.
I found that we can use org.springframework.security.oauth2.provider.approval.JdbcApprovalStore for the same. Is my understanding correct? I really searched on the internet for some example, but I did not find any.
/**
 * ApprovalStore to be used to validate and restrict refresh tokens.
 *
 * @param approvalStore the approvalStore to set
 */
public void setApprovalStore(ApprovalStore approvalStore) {
    this.approvalStore = approvalStore;
}
Can someone please briefly explain to me what the use of JdbcApprovalStore with JwtTokenStore is?
The latest OAuth 2.0 support is provided by Spring Security. See the OAuth 2.0 Migration Guide for further details. Spring Security OAuth provides support for using Spring Security with OAuth (1a) and OAuth2 using standard Spring and Spring Security programming models and configuration idioms.
For checking OAuth tokens, Spring Security OAuth exposes two endpoints – /oauth/check_token and /oauth/token_key. These endpoints are protected by default behind denyAll(). The tokenKeyAccess() and checkTokenAccess() methods open these endpoints for use.
We should always use the other highly secure options provided by Spring Security, the most popular of which is the BCryptPasswordEncoder, which we will be using later in our series of tutorials. To put it in the Spring context we annotate the method with @Bean.
To be able to use the UserDetailsService defined by us, it is necessary to provide a PasswordEncoder bean in the Spring context. Again, to keep it simple for now we use the NoOpPasswordEncoder.
Approval stores are used to manage the decisions (approvals) made by the users (accept or deny an app). These decisions can be stored in a database (JDBC), in memory, or in a third kind of store, the TokenApprovalStore. In this one, the approvals are stored on the TokenStore itself. In your case, you would need this last one.
The use of JDBC with JWT is that, whenever a token is validated by the app, it would validate whether the approval which appears inside of it is the same as the one stored in a certain place (JDBC, memory or TokenStore).
I hope this helps you. I'm just starting with OAuth.
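The wiring asked about in the question, shown as an added example (not code from the original post or from the Spring project): a JdbcApprovalStore is handed to JwtTokenStore through the setApprovalStore setter quoted above, and revoking a user's approvals then blocks further use of that user's refresh tokens for the client. The class name RevocableJwtConfig, the revoke helper and the signing-key placeholder are assumptions made for illustration.

```java
import java.util.Collection;
import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.provider.approval.Approval;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.JdbcApprovalStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
public class RevocableJwtConfig { // hypothetical class name

    @Bean
    public ApprovalStore approvalStore(DataSource dataSource) {
        // Approvals are persisted in the oauth_approvals table of this DataSource.
        return new JdbcApprovalStore(dataSource);
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // Placeholder value: load the real key from a secret store, never from source.
        converter.setSigningKey("replace-with-key-from-secret-store");
        return converter;
    }

    @Bean
    public JwtTokenStore tokenStore(JwtAccessTokenConverter converter,
                                    ApprovalStore approvalStore) {
        JwtTokenStore store = new JwtTokenStore(converter);
        // With an ApprovalStore set, readRefreshToken() returns null unless every
        // scope in the refresh token still has an approved entry for user + client.
        store.setApprovalStore(approvalStore);
        return store;
    }

    /** Hypothetical helper: revoke everything a user has granted to one client. */
    public static boolean revoke(ApprovalStore approvalStore,
                                 String userId, String clientId) {
        Collection<Approval> approvals = approvalStore.getApprovals(userId, clientId);
        return approvalStore.revokeApprovals(approvals);
    }
}
```

Approvals exist only if the authorization server records them, for example by passing the same store to AuthorizationServerEndpointsConfigurer.approvalStore(...). The check applies to refresh tokens that carry a user authentication, so access tokens that were already issued stay valid until they expire.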