AE416

Reputation: 21

Spring Boot - Manually Created Oauth Token is Invalid

I have an Authorization server that will issue tokens that I can use against my resources. However, I want my resources to make REST calls to other resources. For that, I copied this link and was able to produce a JWT Token: Need to create oAuth2 token manually without password

I noticed the tokens are slightly different when requested against the REST endpoint versus manually, e.g. automatic:

{
    "access_token":"really long string about 1000+ characters",
    "token_type":"bearer",
    "expires_in":43199,
    "scope":"read write"
}

versus manual:

{
    "access_token": "be662sdf574-787f-4ff7-8d9b-a1ce7520sdf643d",
    "token_type": "bearer",
    "refresh_token": "8fe69sdf6cc-5d94-4d80-8b3c-736dcabsdf9f70a",
    "expires_in": 43199,
    "scope": "read write"
}

The resource server will accept the longer access_token, and it can generate its own manually. When I use the manually created token against the same resource server, it fails. Can someone help point out what I'm missing that's causing this invalid token? Just to reiterate, the resource server accepts the auto-generated token and not the manual one.

import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.stereotype.Component;

@Component
public class AccessToken {

    @Value("${signingKey}")
    private String signingKey;

    @Value("${scopeRead}")
    private String scopeRead;

    @Value("${scopeWrite}")
    private String scopeWrite;

    @Value("${resourceIds}")
    private String resourceIds;

    // Same converter (and signing key) the authorization server uses
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(signingKey);
        return converter;
    }

    // JwtTokenStore is stateless: it only encodes/decodes, it stores nothing
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }

    public OAuth2AccessToken token() {
        // A Map keeps one value per key, so the two scopes are joined as one
        // space-separated value instead of the second put() overwriting the first
        Map<String, String> requestParameters = new HashMap<>();
        requestParameters.put("scope", scopeRead + " " + scopeWrite);
        requestParameters.put("username", "user");
        requestParameters.put("client_id", "client");
        requestParameters.put("grant_type", "password"); // OAuth2 parameter name is grant_type

        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

        Set<String> responseTypes = new HashSet<>();
        responseTypes.add("password");

        Set<String> scope = new HashSet<>();
        scope.add(scopeWrite);
        scope.add(scopeRead);

        Set<String> resourceIdSet = new HashSet<>();
        resourceIdSet.add(resourceIds);

        Map<String, Serializable> extensionProperties = new HashMap<>();

        User userPrincipal = new User("user", "", true, true, true, true, authorities);

        OAuth2Request oAuth2Request = new OAuth2Request(requestParameters, "client",
                authorities, true, scope,
                resourceIdSet, "", responseTypes, extensionProperties);

        UsernamePasswordAuthenticationToken authenticationToken =
                new UsernamePasswordAuthenticationToken(userPrincipal, null, authorities);
        OAuth2Authentication auth = new OAuth2Authentication(oAuth2Request, authenticationToken);
        auth.setAuthenticated(true);

        OAuth2AccessToken token = tokenServices().createAccessToken(auth);

        return token;
    }
}

Upvotes: 1

Views: 1090

Answers (2)

khoa junior

Reputation: 29

@Bean
public DefaultTokenServices tokenServices() {
    DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
    defaultTokenServices.setTokenStore(tokenStore());
    defaultTokenServices.setAuthenticationManager(authenticationManager);
    defaultTokenServices.setTokenEnhancer(accessTokenConverter()); // Enables token
    defaultTokenServices.setSupportRefreshToken(true);
    defaultTokenServices.setAccessTokenValiditySeconds(3 * 30 * 86400);
    defaultTokenServices.setRefreshTokenValiditySeconds(3 * 30 * 86400);
    return defaultTokenServices;
}

I hope this is useful.

Upvotes: 0

AE416

Reputation: 21

@Vasan - Thanks for pointing out the difference. The JWT is produced once I set the token enhancer on the DefaultTokenServices.

public DefaultTokenServices tokenServices() {
    DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
    defaultTokenServices.setTokenStore(tokenStore());
    defaultTokenServices.setTokenEnhancer(accessTokenConverter()); // Enables JWT 
    defaultTokenServices.setSupportRefreshToken(true);
    return defaultTokenServices;
}

Upvotes: 1
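The two answers above come down to one line, and the reason it matters is worth seeing end to end. JwtTokenStore is stateless: it never persists anything, it only encodes and decodes JWTs. When DefaultTokenServices has no token enhancer, it falls back to its default random UUID token values, hands them to a store that discards them, and returns the opaque UUID from the question. A resource server that also uses a JwtTokenStore then tries to parse that UUID as a JWT and rejects it. The following stand-alone program is an added example, not code from the question or the answers; it builds DefaultTokenServices both ways against the spring-security-oauth2 2.x API, then runs each token value through the same JwtTokenStore.readAccessToken check a resource server performs. The signing key and resource id are constructed values for the example.

```java
import java.io.Serializable;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

public class ManualTokenCheck {

    // Constructed example secret; in the real setup this is the ${signingKey} property
    // shared by the authorization server and every resource server that verifies tokens.
    private static final String SIGNING_KEY = "example-shared-secret-not-for-production";

    // Symmetric (HMAC) signing: setSigningKey installs both the signer and the verifier.
    static JwtAccessTokenConverter converter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(SIGNING_KEY);
        return converter;
    }

    // The authorization side, with or without the line the answers point at.
    static DefaultTokenServices tokenServices(boolean withJwtEnhancer) {
        JwtAccessTokenConverter converter = converter();
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(new JwtTokenStore(converter));
        if (withJwtEnhancer) {
            // Without this, DefaultTokenServices issues a random UUID that the
            // stateless JwtTokenStore never records anywhere.
            services.setTokenEnhancer(converter);
        }
        services.setSupportRefreshToken(true);
        return services;
    }

    // Equivalent of the question's hand-built OAuth2Authentication.
    static OAuth2Authentication authentication() {
        Set<GrantedAuthority> authorities =
                Collections.<GrantedAuthority>singleton(new SimpleGrantedAuthority("ROLE_USER"));
        Map<String, String> params = new HashMap<>();
        params.put("grant_type", "password");
        OAuth2Request request = new OAuth2Request(params, "client", authorities, true,
                new HashSet<>(Arrays.asList("read", "write")),
                Collections.singleton("example-resource-id"), // constructed resource id
                null, null, new HashMap<String, Serializable>());
        User user = new User("user", "", true, true, true, true, authorities);
        UsernamePasswordAuthenticationToken userAuth =
                new UsernamePasswordAuthenticationToken(user, null, authorities);
        return new OAuth2Authentication(request, userAuth);
    }

    // What a JwtTokenStore-backed resource server does with the bearer value it receives:
    // decode, verify the HMAC with the shared key, and check expiry.
    static boolean resourceServerAccepts(String tokenValue) {
        JwtTokenStore resourceStore = new JwtTokenStore(converter());
        try {
            OAuth2AccessToken decoded = resourceStore.readAccessToken(tokenValue);
            return decoded != null && !decoded.isExpired();
        } catch (InvalidTokenException e) {
            // A UUID is not a three-part JWT, so decoding fails here.
            return false;
        }
    }

    public static void main(String[] args) {
        OAuth2Authentication auth = authentication();

        OAuth2AccessToken opaque = tokenServices(false).createAccessToken(auth);
        OAuth2AccessToken jwt = tokenServices(true).createAccessToken(auth);

        System.out.println("without enhancer: " + opaque.getValue()
                + "  accepted=" + resourceServerAccepts(opaque.getValue()));
        System.out.println("with enhancer:    " + jwt.getValue().substring(0, 20) + "..."
                + "  accepted=" + resourceServerAccepts(jwt.getValue()));
    }
}
```

The first token prints as a UUID and is rejected; the second is a three-part signed JWT (the "really long string" from the question) and is accepted, because the resource server's converter holds the same key. That check is the one to reproduce when a self-issued token is refused: run the token value through a JwtTokenStore built with the resource server's key and see whether it decodes. Note that with a symmetric key every resource server holding ${signingKey} can mint tokens as well as verify them, which is why the key belongs in externalized configuration rather than in source.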
