Sharun

Reputation: 27

Spring Boot OAuth security - User (custom info) info in the principal in Client Credentials grant type

I'm using the "client-credentials" grant type for the REST calls that I make from a front-end service to other back-end services. The client-credentials grant type is being used among the other back-end services as well. By doing so, I am not able to get who the actual invoker (the currently logged-in user) of a request is. Is there a way to inject the authentication and authorization info of the principal into the token that is being issued in the client-credentials grant? (User info means the id or details of the user who has the client credentials.)

I can add some custom data to the token by using a custom token enhancer, but I couldn't find out how we can get it in the principal (SpringSecurityPrincipal springSecurityPrincipal = (SpringSecurityPrincipal) oAuth2Authentication.getPrincipal();). Normally, in the password flow, we can achieve this by using a custom AuthenticationProvider implementation. Like that, is there any class that I can implement and use to add a custom principal?

Thanks for the help.

Upvotes: 3

Views: 699

Answers (1)

Mario Varchmin

Reputation: 3782

You could create a custom UserDetailsService and create a custom Principal according to your requirements. You might pick some ideas from here: Authentication with a Database-backed UserDetailsService

Upvotes: 0
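The token-enhancer route the question mentions, carried through to the resource server, as an added example that is not code from either post. It assumes the legacy Spring Security OAuth2 library (the one that provides `OAuth2Authentication`); the `acting_user` parameter and both class names are hypothetical.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;

// Authorization server side. "acting_user" is a hypothetical extra form
// parameter the calling service adds to its client_credentials token request.
class ActingUserTokenEnhancer implements TokenEnhancer {
    static final String CLAIM = "acting_user";

    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken token, OAuth2Authentication auth) {
        String user = auth.getOAuth2Request().getRequestParameters().get(CLAIM);
        // Client-only grants only: user grants already carry an authenticated
        // principal. The pattern check (an assumption) keeps odd input out of the token.
        if (auth.isClientOnly() && user != null && user.matches("[A-Za-z0-9._@-]{1,64}")) {
            Map<String, Object> info = new HashMap<>(token.getAdditionalInformation());
            info.put(CLAIM, user);
            ((DefaultOAuth2AccessToken) token).setAdditionalInformation(info);
        }
        return token;
    }
}

// Resource server side. The value is asserted by the client, not authenticated
// by the authorization server, so it goes into the details and the principal
// stays the client id.
class ActingUserAccessTokenConverter extends DefaultAccessTokenConverter {
    @Override
    public OAuth2Authentication extractAuthentication(Map<String, ?> claims) {
        OAuth2Authentication auth = super.extractAuthentication(claims);
        Object user = claims.get(ActingUserTokenEnhancer.CLAIM);
        if (auth.isClientOnly() && user instanceof String) {
            auth.setDetails(Collections.singletonMap(ActingUserTokenEnhancer.CLAIM, user));
        }
        return auth;
    }
}
```

When the request passes through the resource server's `OAuth2AuthenticationManager`, the map is available from `((OAuth2AuthenticationDetails) authentication.getDetails()).getDecodedDetails()`. Because any client holding the credentials can set the parameter, downstream services should use the value for auditing or as input to their own checks rather than as proof of the user's identity.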
