cubetiq/spring-authorization-server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update sample to use OpenID Connect and Provider Configuration endpoint

Browse Source 
Issue gh-53 gh-55
This commit is contained in:
Joe Grandja 2020-12-10 15:46:56 -05:00
parent f2bb523105
commit 668bb069f2
4 changed files with 25 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
View File

@ -23,9 +23,11 @@ import org.springframework.security.crypto.key.CryptoKeySource;
import org.springframework.security.crypto.key.StaticKeyGeneratingCryptoKeySource;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
import java.util.UUID;
@ -45,8 +47,11 @@ public class AuthorizationServerConfig {
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.redirectUri("http://localhost:8080/login/oauth2/code/messaging-client-oidc")
.redirectUri("http://localhost:8080/authorized")
.scope(OidcScopes.OPENID)
.scope("message.read")
.scope("message.write")
.clientSettings(clientSettings -> clientSettings.requireUserConsent(true))
@ -59,4 +64,9 @@ public class AuthorizationServerConfig {
public CryptoKeySource keySource() {
return new StaticKeyGeneratingCryptoKeySource();
}
@Bean
public ProviderSettings providerSettings() {
return new ProviderSettings().issuer("http://auth-server:9000");
}
}

6
samples/boot/oauth2-integration/client/src/main/java/sample/config/SecurityConfig.java
View File

@ -40,10 +40,10 @@ public class SecurityConfig {
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests.anyRequest().permitAll()
authorizeRequests.anyRequest().authenticated()
)
.logout()
.disable()
.oauth2Login(oauth2Login ->
oauth2Login.loginPage("/oauth2/authorization/messaging-client-oidc"))
.oauth2Client(withDefaults());
return http.build();
}

13
samples/boot/oauth2-integration/client/src/main/resources/application.yml
View File

@ -16,6 +16,14 @@ spring:
oauth2:
client:
registration:
messaging-client-oidc:
provider: spring
client-id: messaging-client
client-secret: secret
authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
scope: openid
client-name: messaging-client-oidc
messaging-client-authorization-code:
provider: spring
client-id: messaging-client
@ -23,16 +31,17 @@ spring:
authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/authorized"
scope: message.read,message.write
client-name: messaging-client-authorization-code
messaging-client-client-credentials:
provider: spring
client-id: messaging-client
client-secret: secret
authorization-grant-type: client_credentials
scope: message.read,message.write
client-name: messaging-client-client-credentials
provider:
spring:
authorization-uri: http://auth-server:9000/oauth2/authorize
token-uri: http://auth-server:9000/oauth2/token
issuer-uri: http://auth-server:9000
messages:
base-uri: http://localhost:8090/messages

2
samples/boot/oauth2-integration/resourceserver/src/main/resources/application.yml
View File

@ -14,4 +14,4 @@ spring:
oauth2:
resourceserver:
jwt:
jwk-set-uri: http://auth-server:9000/oauth2/jwks
issuer-uri: http://auth-server:9000