on 2016 Oct 24 6:21 PM
Hi all,
I'm looking around oauth and seems to work fine. But i try to configure "OAuth auto approve" scopes list so that client does not need to approve the request. Or this is my understanding that this property should do. But it does not work at all. I try to configure different ways but nothing helps, client needs to approve the request. Has anyone managed to get this to work?
/Marko
I can verify that this was the case. I modified my oauth2 spring configuration and it worked. Here are the change I had to make
Add user approval handler bean and request factory in oauth2-web-spring.xml
<!-- A user approval handler that remembers approval decisions by consulting existing tokens -->
<bean id="oAuth2RequestFactory" class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
<constructor-arg ref="oauthClientDetails" />
</bean>
Modify the authorization server config and replace "user-approval-page" with "user-approval-handler-ref" like so
<oauth:authorization-server client-details-service-ref="oauthClientDetails"
token-services-ref="oauthTokenServices" token-endpoint-url="/oauth/token"
authorization-endpoint-url="/oauth/authorize"
user-approval-handler-ref="userApprovalHandler">
<oauth:authorization-code authorization-code-services-ref="oauthAuthorizationCode" />
<oauth:implicit />
<oauth:refresh-token />
<oauth:client-credentials />
<oauth:password />
</oauth:authorization-server>
Add scope that you want to "auto approve" in your client config. An example of the client I am using:
INSERT_UPDATE OpenIDClientDetails;clientId[unique=true];resourceIds;autoApprove;scope;authorizedGrantTypes;authorities;clientSecret;registeredRedirectUri;externalScopeClaimName;issuer ;client;hybris;basic,email,profile,openid;basic,email,profile,openid;authorization_code,implicit,client_credentials,password;ROLE_TRUSTED_CLIENT;secret;http://localhost:3000/openidcallback,https://www.getpostman.com/oauth2/callback;scope;ec
Hope this helps. Cheers!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It seems the oauth:authorization-server is configured to use the DefaultUserApprovalHandler which doesn't check the ClientDetails from the database. A handler which checks ClientDetails such as the TokenStoreUserApprovalHandler, can be wired in if you patch the file /hybris/bin/platform/ext/oauth2/web/webroot/WEB-INF/oauth2-web-spring.xml (and provide the necessary beans for the new handler)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
12 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.