Spring boot OAuth 2.0 Resource Server Introspection


I'm currently working on implementing OAuth 2.0 in a Spring Boot application with an external authorization server. My resource server is responsible for protecting resources via OAuth tokens, and I'm using Spring Security for this purpose.

I have configured the introspection endpoint in my resource server. However, I'm encountering an issue where the introspection endpoint is responding with a "201 CREATED" status instead of the expected "200 OK" status. Actually, the authorization server has two endpoints for /auth/introspect, one for GET and the other for POST. Since I am getting the error:

org.springframework.security.authentication.AuthenticationServiceException: Introspection endpoint responded with 201 CREATED

I came to the conclusion that Spring Security is making a POST request. How can I force it to make a GET request instead?

Here's a snippet of my current configuration:

application.properties:

    spring.security.oauth2.resourceserver.opaque-token.introspection-uri=https://server-name/auth/introspect
    spring.security.oauth2.resourceserver.opaque-token.client-id=client-id
    spring.security.oauth2.resourceserver.opaque-token.client-secret=secret

Dependencies

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.1.2</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-oauth2-resource-server</artifactId>
        <version>6.1.2</version>
    </dependency>

    <dependency>
        <groupId>com.nimbusds</groupId>
        <artifactId>oauth2-oidc-sdk</artifactId>
        <version>10.13.2</version>
        <scope>runtime</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

I've been reading through the documentation, but nothing has rung a bell yet.

Has anyone encountered a similar issue with OAuth 2.0 resource server introspection and can provide insights or suggestions on how to force the introspection endpoint to use the GET method correctly?

Thank you in advance
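Spring Security's stock introspector sends POST because RFC 7662 specifies it, and a GET would place the bearer token in the query string where access logs and proxies record it; a less disruptive fix than switching to GET is to swap in an introspector that keeps the POST but accepts the endpoint's 2xx reply. The class below is an added example, not code from the question or from Spring Security: its name is hypothetical, and the URI, client id and secret are assumed to be wired from the same opaque-token properties the question already uses.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.*;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
import org.springframework.security.oauth2.server.resource.introspection.*;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;

// Hypothetical replacement for SpringOpaqueTokenIntrospector: same RFC 7662 POST, any 2xx accepted.
public class LenientOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
    private static final ParameterizedTypeReference<Map<String, Object>> JSON_MAP = new ParameterizedTypeReference<>() {};
    private final String uri, clientId, clientSecret;
    private final RestTemplate rest = new RestTemplate();

    public LenientOpaqueTokenIntrospector(String uri, String clientId, String clientSecret) {
        this.uri = uri; this.clientId = clientId; this.clientSecret = clientSecret;
    }

    @Override
    public OAuth2AuthenticatedPrincipal introspect(String token) {
        HttpHeaders headers = new HttpHeaders();
        headers.setBasicAuth(clientId, clientSecret);          // resource server authenticates to the AS
        headers.setAccept(List.of(MediaType.APPLICATION_JSON));
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        // The token travels in the form body; a GET would put it in the URL and thus in access logs.
        RequestEntity<String> request = RequestEntity.post(URI.create(uri)).headers(headers)
                .body("token=" + URLEncoder.encode(token, StandardCharsets.UTF_8));
        ResponseEntity<Map<String, Object>> response;
        try { response = rest.exchange(request, JSON_MAP); }
        catch (RestClientException ex) { throw new OAuth2IntrospectionException("Introspection request failed", ex); }
        Map<String, Object> claims = response.getBody();
        if (!response.getStatusCode().is2xxSuccessful() || claims == null) {   // stock code insists on 200
            throw new OAuth2IntrospectionException("Introspection endpoint responded with " + response.getStatusCode());
        }
        // RFC 7662: anything other than "active": true means the token must be rejected.
        if (!Boolean.TRUE.equals(claims.get(OAuth2TokenIntrospectionClaimNames.ACTIVE))) {
            throw new BadOpaqueTokenException("Provided token isn't active");
        }
        return new OAuth2IntrospectionAuthenticatedPrincipal(claims, scopeAuthorities(claims));
    }

    // Map the space-separated "scope" claim to SCOPE_* authorities, as the stock introspector does.
    private static Collection<GrantedAuthority> scopeAuthorities(Map<String, Object> claims) {
        if (!(claims.get(OAuth2TokenIntrospectionClaimNames.SCOPE) instanceof String s) || s.isBlank()) return List.of();
        return Arrays.stream(s.split(" ")).map(v -> new SimpleGrantedAuthority("SCOPE_" + v)).toList();
    }
}
```

Expose an instance as an `OpaqueTokenIntrospector` `@Bean`; Spring Boot's property-driven introspector is conditional on no such bean existing, so it backs off and the resource server uses this one.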
