user3565529

Reputation: 1367

Password in URL in Spring Security OAuth2 token endpoint

I am using the Spring Security OAuth2 password grant for authenticating users with client ID/client secrets. The issue that I am facing is that the endpoint takes the password as a query parameter. This gets logged in the access logs for the server on which this service will be running. I have a wrapper over the endpoint which is internally calling the token endpoint using HTTP.

I have no control over the server and will not be able to mask the password or disable access logs.

Is there any way of directly invoking the underlying endpoint controller method itself without using the REST endpoint, or some other way in which the password does not need to be sent in the query parameters?

Upvotes: 1

Views: 892

Answers (1)

mgalala

Reputation: 106

The token endpoint accepts the parameters with the POST method; you can then supply the Content-Type header as application/x-www-form-urlencoded and the parameters as x-www-form-urlencoded params.

Upvotes: 1
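The POST request described in the answer above, as an added example that is not part of the original post or of Spring's own code. It uses only the JDK (Java 11+); the `/oauth/token` path, HTTP Basic for the client credentials, and all sample values are assumptions, and a local stub stands in for the token endpoint so the logged request line can be inspected.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;

public class TokenPostDemo {
    // Password-grant request with the user credentials in the form body, not the URL.
    static HttpRequest tokenRequest(URI tokenUri, String clientId, String clientSecret,
                                    String username, String password) {
        String form = "grant_type=password"
                + "&username=" + URLEncoder.encode(username, StandardCharsets.UTF_8)
                + "&password=" + URLEncoder.encode(password, StandardCharsets.UTF_8);
        String basic = Base64.getEncoder().encodeToString(
                (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8));
        return HttpRequest.newBuilder(tokenUri)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .header("Authorization", "Basic " + basic) // client credentials (assumed Basic)
                .POST(HttpRequest.BodyPublishers.ofString(form))
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stub for the token endpoint; it records what an access log would see.
        List<String> accessLog = new CopyOnWriteArrayList<>();
        HttpServer stub = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        stub.createContext("/oauth/token", ex -> {
            accessLog.add(ex.getRequestMethod() + " " + ex.getRequestURI());
            ex.getRequestBody().readAllBytes(); // drain the form body
            ex.sendResponseHeaders(200, -1);    // empty response, enough for the demo
            ex.close();
        });
        stub.start();
        URI uri = URI.create("http://127.0.0.1:" + stub.getAddress().getPort() + "/oauth/token");
        HttpClient.newHttpClient().send(
                tokenRequest(uri, "demo-client", "demo-secret", "alice", "s3cret!"),
                HttpResponse.BodyHandlers.discarding());
        stub.stop(0);
        System.out.println(accessLog); // request line only: no username or password in it
    }
}
```

The form body is still plaintext on the wire, so the call to the token endpoint should go over TLS in any real deployment.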
