Reputation: 3168
How to generate Client Secret in OAuth2 Authentication using Spring
I am working on creating api for OAuth2 using Spring for my application but there is nothing written in the specification (https://www.rfc-editor.org/rfc/rfc6749) nor in Spring OAuth2 Documentation about how to generate client secret.
Do anyone have any idea?
Upvotes: 0
Views: 5499
Answers (1)
Reputation: 729
Spring uses PasswordEncoder for decoding/encoding clients secrets. See the JdbcClientDetailsService (if you're planning to store client details in DB).
So when configuring beans for Spring OAuth2 you typically provide an instance of PasswordEncoder for the ClientDetailsService.
Typical case is to use the BCryptPasswordEncoder. So before putting encoded client secret into database column you can write a sample program to generate it:
String password = "testPassword";
PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String encodedPassword = passwordEncoder.encode(password);
Upvotes: 3
Related Questions
- How to generate client-id & client-secret in spring-boot and store in database?
- Spring Security OAuth 2.0 - client secret always required for authorization code grant
- OAuth storing client id and secret in database
- oAuth2 client with password grant in Spring Security
- How authorize in Spring OAuth2 by client_id and secret only?
- How to Secure Oauth 2.0 Client ID and Client Secret
- ResourceOwnerPasswordResourceDetails - Pass clientid and secret to generate oauth2 token
- How do I implement the client_credentials grant for my OAuth2 Client
- How proper configure Spring Security OAuth 2.0 Client Credentials?
- Spring Security OAuth2 server side, how to require client_id and client_secret on all request