I have 2 separate Spring Boot applications, one of which serves as an OAuth 2 authorization server, and the other as a resource server. I am using Spring RemoteTokenServices on my resource server to verify tokens from the authorization server. Now I'm trying to determine the protected code of the controller in the application of my resource server, but I'm not sure how to map the UserDetails class to the authentication principal provided through the OAuth 2 mechanism.
I installed my authorization server with a custom TokenEnhancer, which adds more details to the token so that /oauth/check_token?token=<token> comes back with custom fields that I want to map to resource server controllers.
In a more seamless installation, where the authorization server is also a resource server, I can define controller methods that use the authenticated principal as follows:
However, this does not seem to work so directly in a more distributed approach. The mapping is not performed, and the user parameter becomes the null object. I tried using the following approach:
public Map<String, Object> getResource(Authentication authentication) {
Although the above code successfully matches authentication data, it does not provide me with direct access to the custom fields that I set through the TokenEnhancer, which I mentioned earlier. I can't seem to find anything in the Spring docs regarding this.