CODEWITHSUNDEEP
javaspringoauth-2.0jwt
jhon
jhon

Reputation: 3

OAuth2 Authentication server access token form JWT token to OAuth Token

Is it possible the changes the token form JWT token to OAuth2 token.

Sample code from Daily Code BUffer https://github.com/shabbirdwd53/spring-security-tutorial/blob/main/Oauth-authorization-server/src/main/java/com/dailycodebuffer/oauthserver/config/AuthorizationServerConfig.java

 @Bean
    public JWKSource<SecurityContext> jwkSource() {
        RSAKey rsaKey = generateRsa();
        JWKSet jwkSet = new JWKSet(rsaKey);
        return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
    }

    private static RSAKey generateRsa() {
        KeyPair keyPair = generateRsaKey();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        return new RSAKey.Builder(publicKey)
                .privateKey(privateKey)
                .keyID(UUID.randomUUID().toString())
                .build();
    }

    private static KeyPair generateRsaKey() {
        KeyPair keyPair;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            keyPair = keyPairGenerator.generateKeyPair();
        } catch (Exception ex) {
            throw new IllegalStateException(ex);
        }
        return keyPair;
    }

/oauth2/token endpoint

{
    "access_token": "eyJraWQiOiI3MzA5MmI1Yy00MDc0LTRkZjktOTdhNS1kMzA3N2E4NDNhYzciLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjbGllbnQiLCJhdWQiOiJjbGllbnQiLCJuYmYiOjE2NjY2NzgyNTYsInNjb3BlIjpbInJlYWQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwMDAiLCJleHAiOjE2NjY2NzkxNTYsImlhdCI6MTY2NjY3ODI1Nn0.QJOMrp2unqLP-nGYo5lnlg1Q3_XXR2XZBTQqt3C9tkhiVs4I2dDjaWze1LrnjEnP2hfb89XqpT1k1AjR_ApsOx5H8PcqqZ0Eaq89ICX6bu3LFo2HApYlV5kRQTD3HQq0uiA_hn9TTdvBJhM5Kz9_0rPQVzBpNqWGnkWzGvbukRPgnBYLNi6lVwOG3mZxkP8aNiOn5Z5PMo9pll6idQLadJtFQ7fKTjG8mFqh1BtLwpmH4U60dzaieafCXwczywKq0xVzk9asB9c0-gw_BbeK4Vns3tp8AzCCyH4rRwy6ssVblUlycyss7scpY9s2ibUZ6N3xg97nowp9Ygqjv_bccw",
    "scope": "read",
    "token_type": "Bearer",
    "expires_in": 899
}

Upvotes: 0

Views: 198

Answers (1)

ch4mp
ch4mp

Reputation: 12564

Oauth(2) standard makes no assumption on the token format. Authorization-server can use absolutely what he wants to.

If authorization-server issues JWT tokens, then other OAuth2 actors can decode and validate tokens with no more than authorization-server public key.

Other token formats, are considered "opaque" and must be introspected on the authorization-server for validation and to get associated claims.

Upvotes: 1

Related Questions