@caseylucas, here is the error handler that I eventually implemented to deal with this:
import com.acme.api.ApiException;
import org.apache.commons.lang.StringUtils;
import...
Type: Posts; User: kldavis4; Keyword(s):
Thanks Dave, that is very helpful. The reason I am not using the implicit grant is that token requests for the API use a JWT bearer token flow, and I am building a sandbox that allows developers to...
I am building a JavaScript sandbox for a REST API that uses spring-security-oauth for authorization. I'd like to be able to make a request to the authorization server token endpoint and get back a...
I am interested in implementing a JWT Bearer Token flow as well. Has a Jira ticket already been created for this feature?
I want to distinguish the incoming message based on the message content (not content type). If error_type is one of the ones that is known about by the deserializer (invalid_client, invalid_token,...
Thanks for your response.
As you stated, I would like the OAuth2 related exceptions to be handled by the OAuth2ErrorHandler, and anything else to go to the custom handler.
I think what would...
I've written a custom ResponseErrorHandler and configured it on an OAuth2RestTemplate. I am making calls to a Spring OAuth2 resource. In addition to Spring OAuth2 errors, the resource endpoints...
Great, that worked. Thanks so much for your help.
So I've spent some time looking through the cloud foundry login-server and uaa code. I'm not totally sure I am understanding your suggestion correctly. Hopefully you can shed more light.
I've...
Thanks for your reply and suggestions. I will have a look at that code and go from there.
I have a REST API resource that uses Spring Security OAuth2 for authorization. This is an external API for third-party clients to use. This resource will be making calls to internal resources that...
Just a quick follow-up on this issue in case it helps someone else. Instead of using a different address, the session cookie name can be changed from the default (usually jsessionid) on the...
I finally figured this out. In my dev environment I am running the resource server, the authorization server and the client web application on separate ports on the same machine in different jetty...
done: SECOAUTH-346
I am working on updating from 1.0.0M6d to 1.0.0RC3. In my client I have the following oauth:resource defined:
<oauth:resource id="service" type="authorization_code" client-id="client"...
Here is the client spring context configuration. Note that I am using oauth:rest-template. The only difference between the working configuration and the one that triggers the CSRF protection is that...
I've spent some more time characterizing this issue, so I can provide a few more details and hopefully resolve it.
The error that I get on the client side, after authorizing the client application...
Just to clarify my understanding, for a clustered authorization server, if we enable sticky sessions, we don't have to worry about implementing a shared SessionAttributeStore, but we still would need...
Thanks. I switched to the jdbc token store implementation and was able to separate out the auth / resource server for sparklr / tonr.
I am running into something odd, though. I am running each...
Another question... if I split the authorization and resource server for sparklr2 and run them in different app servers, do I need to use a different token store implementation besides...
Great, thanks for the quick reply.
Is this the corresponding standalone authorization server? https://github.com/cloudfoundry/uaa/blob/master/samples/login/src/main/webapp/WEB-INF/spring-servlet.xml