Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Deferred
    • Affects Version/s: 1.0.0.RC2
    • Fix Version/s: None
    • Component/s: OAuth 2

      Description

      Currently, OAuth clients (e.g. tonr2) work with a local user DB (username+password). However, sometimes the scenario is that the client has no users DB of its own and it relies on the OAuth provider for that. So technically the client uses "AnonymousAuthenticationToken", and then when OAuth2RestTemplate tries to obtain the token (in AccessTokenProviderChain.obtainAccessToken()), it fails, and then checks if the token is of type "anonymous". If so, it throws InsufficientAuthenticationException (and not UserRedirectRequiredException), so the client never gets redirected to get a token.

        Activity

        Dave Syer added a comment -

        See also http://forum.spring.io/forum/spring-projects/security/oauth/723334-problem-using-salesforce-com-s-oauth2-connected-apps-as-an-identity-provider?_=1380749052170. Quote from that thread:

        "For now I would concentrate on OAuth2ClientAuthenticationProcessingFilter - it will force you to provide a ResourceServerTokenServices for your remote provider, which might be overkill for a simple authentication, but you should be able to do something that creates a good enough representation of the user and client to get you authenticated. In most cases this will require you to contact a remote endpoint (e.g. /userinfo or /me) to get some information about the user."

        Dave Syer added a comment -

        Moved to github: https://github.com/spring-projects/spring-security-oauth/issues (with summary prefixed with old JIRA ID).


          People

          • Assignee:
            Dave Syer
            Reporter:
            ohad redlich
          • Votes:
            2
            Watchers:
            4

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              3d
              Remaining:
              3d
              Logged:
              Not Specified