All geek questions in one place

You must create the oAuth2 token manually without a password

I have implemented oAuth2 with spring protection and it works great for me. But now I want to create a user token from the external interface manually without a password. Because I only have a username.

Can someone help me.

+6
source share
2 answers

Got an answer !!!

HashMap<String, String> authorizationParameters = new HashMap<String, String>(); authorizationParameters.put("scope", "read"); authorizationParameters.put("username", "user"); authorizationParameters.put("client_id", "client_id"); authorizationParameters.put("grant", "password"); Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>(); authorities.add(new SimpleGrantedAuthority("ROLE_USER")); Set<String> responseType = new HashSet<String>(); responseType.add("password"); Set<String> scopes = new HashSet<String>(); scopes.add("read"); scopes.add("write"); OAuth2Request authorizationRequest = new OAuth2Request( authorizationParameters, "Client_Id", authorities, true,scopes, null, "", responseType, null); User userPrincipal = new User("user", "", true, true, true, true, authorities); UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken( userPrincipal, null, authorities); OAuth2Authentication authenticationRequest = new OAuth2Authentication( authorizationRequest, authenticationToken); authenticationRequest.setAuthenticated(true); OAuth2AccessToken accessToken = tokenService .createAccessToken(authenticationRequest);

accessToken is the token you want.

thanks

+16
source

Assign an access token during registration, Spring boot. Call getAccessToken (user) from anywhere in your application code.

 public OAuth2AccessToken getAccessToken(User user) { HashMap<String, String> authorizationParameters = new HashMap<String, String>(); authorizationParameters.put("scope", "read"); authorizationParameters.put("username", user.getEmail()); authorizationParameters.put("client_id", clientId); authorizationParameters.put("grant", "password"); Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>(); user.getRoles().forEach((role) -> { Role rol = roleRepository.findByName(role.getName()); authorities.add(new SimpleGrantedAuthority(rol.getName())); }); Set<String> responseType = new HashSet<String>(); responseType.add("password"); Set<String> scopes = new HashSet<String>(); scopes.add("read"); scopes.add("write"); OAuth2Request authorizationRequest = new OAuth2Request(authorizationParameters, clientId, authorities, true, scopes, null, "", responseType, null); org.springframework.security.core.userdetails.User userPrincipal = new org.springframework.security.core.userdetails.User( user.getEmail(), user.getPassword(), authorities); UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userPrincipal, null, authorities); OAuth2Authentication authenticationRequest = new OAuth2Authentication(authorizationRequest, authenticationToken); authenticationRequest.setAuthenticated(true); OAuth2AccessToken accessToken = tokenServices().createAccessToken(authenticationRequest); return accessToken; } @Bean TokenEnhancerChain enhancerChain() { TokenEnhancerChain enhancerChain = new TokenEnhancerChain(); enhancerChain.setTokenEnhancers(Arrays.asList(customTokenEnhancer, accessTokenConverter())); return enhancerChain; } @Bean public JwtAccessTokenConverter accessTokenConverter() { JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); converter.setSigningKey(signingKey); return converter; } @Bean public TokenStore tokenStore() { return new JwtTokenStore(accessTokenConverter()); } @Bean @Primary public DefaultTokenServices tokenServices() { DefaultTokenServices defaultTokenServices = new DefaultTokenServices(); defaultTokenServices.setTokenStore(tokenStore()); defaultTokenServices.setSupportRefreshToken(true); defaultTokenServices.setTokenEnhancer(enhancerChain()); return defaultTokenServices; }
0
source

Source: https://habr.com/ru/post/1243634/

More articles:


All Articles