Giters

spring-guides / tut-spring-security-and-angular-js

Spring Security and Angular:: A tutorial on how to use Spring Security with a single page application with various backend architectures, ranging from a simple single server to an API gateway with OAuth2 authentication.

Home Page:https://spring.io/guides/tutorials/spring-security-and-angular-js/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

JWT tokens not forwardable?

timwebster9 opened this issue · comments

commented

HI - I asked this question on Stackoverflow:

http://stackoverflow.com/questions/34185999/spring-oauth2resttemplate-loses-token-when-configured-to-use-jwt

The easier way of asking this question might be: should JWT tokens be forwardable (by default, OOB) with Spring Cloud OAuth2? They don't appear to be with the default behaviour, and I'm not sure if I have to implement something myself (e.g. my own TokenServices) or if I'm doing something else wrong.

In a nutshell, when resource servers are configured to use JWT (e.g. with a public key), once authentication occurs the token is not stored in the OAuth2ClientContext (like what happens with UserInfoTokenServices). So if a new request needs to be made downstream, the token is not available and it tries to go off and get one (and fails).

Incidentally, when an 'SSO client' (@EnableOAuth2Sso) authenticates by obtaining a token, it is stored in the OAuth2ClientContext, so as long as you don't try to perpetuate the calls beyond that it works OK.

commented

Thanks for reporting, but I notice you've also posted the same question on Stack Overflow. It's better if in the future you don't cross-post questions as it makes it hard for people searching to find answers. I'll close this one in favor of Stack Overflow.

If you think there is an issue, it's probably in Spring Cloud Security anyway, so please open one there if you need to make changes.