Reputation: 1083
Skip OAuth user approval in Spring Boot OAuth2
I just want to know if there is any way to skip User approval screen in Spring Boot - Spring Security OAuth2. I heard about custom user approval handler but I am quite not sure how to override it to disable user approval process and do a direct redirect.
Thanks
Upvotes: 15
Views: 15583
Answers (4)
Reputation: 89294
For the newer spring-security-oauth2-authorization-server, the configuration would be as follows:
@Bean
public RegisteredClientRepository registeredClientRepository() {
final RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
// other settings...
.clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
.build()
return new InMemoryRegisteredClientRepository(registeredClient);
}
Upvotes: 1
Reputation: 1
set property auto-approve-scopes: '.*' in application.yml
security:
oauth2:
client:
client-id: acme
client-secret: acmesecret
scope: read,write
auto-approve-scopes: '.*'
seee also https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_authserver
Upvotes: 0
Reputation: 1977
This is how I changed it in my JHipster application:
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient(jhipsterProperties.getSecurity().getAuthentication().getOauth().getClientid())
.autoApprove(true)
.scopes("read", "write")
.authorities(AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)
.authorizedGrantTypes("password", "refresh_token")
.secret(jhipsterProperties.getSecurity().getAuthentication().getOauth().getSecret())
.accessTokenValiditySeconds(jhipsterProperties.getSecurity().getAuthentication().getOauth().getTokenValidityInSeconds());
}
Upvotes: 2
Reputation: 58094
You don't need a custom handler to skip approval (since 2.0 anyway). You just set the autoApprove flag in the client details to "true" (or a list of scope patterns to auto approve).
Upvotes: 21
Related Questions
- Ignore authorization for some endpoints in Spring Boot
- OAuth2 SSO with Spring Boot without the authorization screen
- How to skip the consent step with Spring Security OAuth2
- disable confirmation page in Spring OAuth2
- Spring boot 1.5 disable oauth2 security
- Disable/enable OAuth2 without two security configurations
- Spring Security: OAuth 2.0 Login: Bypass login page
- Disabling authentication in “OAUTH2” enabled boot application
- exclude spring oauth2 configuration
- How to bypass access confirmation step in Spring security OAuth2 if user has previously authorized access?