Steve Riesenberg
Thanks @filiphr, appreciate your perspective on this.

> For the other points, perhaps an option would be to tackle this using the `OAuth2AuthorizationSuccessHandler`.

It is certainly an option to solve...
Hey folks, sorry for the delay, it has taken some time to make progress on this issue (which I suspected would be the case). I have updated the PR #16589...
Hi @ch4mpy, thanks for the feedback. > from what I understand from the PR, it will work only when the `openid` scope is included: only the case where the principal...
Thanks for reaching out @jacknie84!

> If the token is an `empty string` rather than `null`, an `IllegalArgumentException` will be thrown when creating a `BearerTokenAuthenticationToken` instance

This is standard practice...
Thanks @jacknie84. Please note that I just spotted this line in your configuration:

```
http
    ....
    .securityMatchers(it -> it.requestMatchers("/partners/**", "/pa/**"))
```

This leaves part of your application unprotected, including `/error`....
@jacknie84 thanks for your reply and sample.

> But my application does not protect the `/error` path.

I would recommend that the entire application be protected unless it is not...
@yvasyliev thanks for reaching out! I think there might be some overlapping concepts regarding Spring Boot outlined in this issue, that should be clarified before we can discuss your use...
Thanks for being willing to provide that @xardbaiz but I think that is off-topic from this issue. I'm going to hide the comment so it doesn't interrupt the flow.
@AndreaLombardo I think you will need to reach out on the Spring Cloud project’s issue tracker if you believe it’s a bug. Spring Security does not contribute to auto-configuration since...
For reference (similar to above comments), here is the most [minimal configuration](https://github.com/sjohnr/spring-security-oauth2-service/blob/645049968dd81e2440f71083acc40bcdca4b15d4/src/main/java/com/example/SpringSecurityOauth2ServiceApplication.java#L29-L50) that I am aware of for configuring OAuth2 Client to obtain a `client_credentials` access token in a non-web...