spring-guides / tut-spring-security-and-angular-js

Spring Security and Angular:: A tutorial on how to use Spring Security with a single page application with various backend architectures, ranging from a simple single server to an API gateway with OAuth2 authentication.

Home Page:https://spring.io/guides/tutorials/spring-security-and-angular-js/


Issue with Multiple SessionIds and Tokens with Gateway Pattern

ravan34 opened this issue

Hi All,

I am trying to use the Gateway pattern with an external OAuth2 provider (Google/Facebook; in my case it is Ping). Should I end up having another AuthServer? When I do that, from the Client I get one security handshake and another from the Auth server to the external auth provider (there is another redirect). Even though I invalidate the session object on the auth server, I see every request sent from the browser to the resource ends up sending 2 tokens.

What I ended up doing is to create a Secure-Gateway (configuring security and OAuth) along with JWT. It all looks fine but my Resource server is disconnected: it doesn't get access to the actual user context. When I debug I see a request to the Resource Server is with an anonymous User and it throws a '401' exception.

I can't share my code on the forum (company policy doesn't allow me). But, if needed, I can mock up some test code if it helps.

Any help is sincerely appreciated.
-R

It’s not really a question about this project is it? Maybe you would do better on StackOverflow (and creating a sample project is always a good idea for a complex question like this)?

Thanks Dave. I am not sure if the issue is with the project. But, I am following the "double" example. And felt that changing the auth server to use a 3rd party auth provider isn't giving me the desired results.

I created a sample here - https://github.com/ravan34/sample-gateway - Please feel free to have a look and throw some suggestions.

Note: OAuth configurations are dummy in the example. Anyone who is trying needs to create a client of their choice and configure it appropriately.

Happy Thanksgiving :)

-Ram

I don't really understand what you are trying to do. Your gateway has Facebook SSO (which looks like it would work, but you haven't used @EnableOAuth2Sso anywhere), but it is also an auth server. I'm not sure what the auth server is supposed to do, because there is no client app in the sample. Maybe you want the gateway to be its own client app, just to make it create its own tokens. I'm sure that's possible, but if it is also a Facebook client then one of them has to be a "custom" configuration. Probably that's what your OAuthSecurityConfig is doing?

Would it maybe be a good idea to split the auth server out from the gateway, at least to make sure it works?

Hi Dave,

Yes. You are right. I want my Gateway to be my Client. Following is the sequence:

  1. User tries to access the application (http://localhost:8080/)
  2. Gets redirected to Facebook (or any other Auth Provider) for auth.
  3. On success - lands on the home page.
  4. All the functionality will be served from STATELESS apps - in this case, resource.
    p.s. Resource(s) can be an Angular or Java app. For simplicity, I just added 1 app.

[sequence diagram image: "new seq"]

If I add another abstraction for OAuth (like in your "double" example), I end up seeing 2 sessions created (1 for Client to OAuth and the other for OAuth to Facebook), and having a dummy Client and secret is not very convincing.

With the uploaded example I am able to log in and get redirected to home.html. When I access /resource, I am getting a "Full authentication is required to access this resource" error.

Let me know if you need more details.

-Thanks a ton
Ram
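The split Dave suggests above (the gateway is the OAuth2 SSO client that owns the browser session; the resource server stays stateless and only trusts the bearer token relayed to it on each request) sketched as an added example. This is not code from the thread's sample-gateway repository or from the auth-server-client sample; it assumes Spring Boot 1.5 with spring-cloud-starter-zuul and spring-cloud-starter-oauth2 on the gateway, spring-security-oauth2 on the resource server, and the client id, secret, provider endpoints and ports are placeholders to be replaced with the real provider's values.

```java
// --- gateway: GatewayApplication.java (port 8080) ---
// OAuth2 SSO client for the browser session plus a Zuul proxy towards the
// stateless resource server. With spring-cloud-starter-oauth2 on the classpath,
// @EnableOAuth2Sso together with @EnableZuulProxy installs the token relay
// filter, so the access token obtained at login is forwarded downstream as
// "Authorization: Bearer ..." on every proxied request. Without that relay the
// resource server only sees the gateway's session cookie, which means nothing
// to it, and answers "Full authentication is required to access this resource".
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@SpringBootApplication
@EnableZuulProxy
@EnableOAuth2Sso
public class GatewayApplication extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**").authorizeRequests()
            // landing page and login callback are public; everything else
            // triggers the redirect to the external provider
            .antMatchers("/", "/index.html", "/login**").permitAll()
            .anyRequest().authenticated()
            .and()
            // CSRF token readable by the Angular client (XSRF-TOKEN cookie,
            // sent back as the X-XSRF-TOKEN header)
            .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }

    public static void main(String[] args) {
        SpringApplication.run(GatewayApplication.class, args);
    }
}

/* gateway application.yml (placeholder values):
security:
  oauth2:
    client:
      client-id: PLACEHOLDER_CLIENT_ID
      client-secret: PLACEHOLDER_CLIENT_SECRET
      access-token-uri: https://provider.example/oauth/token
      user-authorization-uri: https://provider.example/oauth/authorize
    resource:
      user-info-uri: https://provider.example/userinfo
zuul:
  routes:
    resource:
      path: /resource/**
      url: http://localhost:9000
*/

// --- resource: ResourceApplication.java (port 9000) ---
// Stateless resource server: no HTTP session is ever created here, and each
// request is authenticated solely from the relayed bearer token, which the
// resource server validates against the provider's user-info endpoint.
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@EnableResourceServer
@RestController
public class ResourceApplication {

    @RequestMapping("/")
    public Map<String, Object> home(Principal user) {
        // Principal is populated from the token, not from any session,
        // so the user context survives the hop through the gateway
        Map<String, Object> model = new HashMap<>();
        model.put("id", UUID.randomUUID().toString());
        model.put("user", user.getName());
        return model;
    }

    public static void main(String[] args) {
        SpringApplication.run(ResourceApplication.class, args);
    }
}

/* resource application.yml (placeholder values):
server:
  port: 9000
security:
  sessions: stateless
  oauth2:
    resource:
      user-info-uri: https://provider.example/userinfo
*/
```

With an opaque token from a social provider the resource server has to call the provider's user-info endpoint to validate each request; if the provider issues JWTs, `security.oauth2.resource.jwt.key-uri` lets the resource server verify the signature locally instead. Either way only one login and one session exist (on the gateway), and the resource server never needs a dummy client id and secret of its own.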

A small correction to the diagram.

[sequence diagram image: "new seq"]

See this sample and the comments in the README: https://github.com/dsyer/auth-server-client

Thanks a ton @dsyer.