I have server with dependencies and config as it mentioned Minimal OAuth2 Boot Configuration:
- spring-security-oauth2
- spring-security-oauth2-autoconfigure
Security config is annotated with @EnableResourceServer.
Properties contains:
spring:
security:
oauth2:
resource:
token-info-uri: https://token-validation-url/example
When I execute request curl -H "Authorization: xyz" http://localhost:8080/my-endpoint, I get 401 but I don't see that HTTP call for token validation would be executed.
If I remove spring prefix from the property, I still get 401 but it tries HTTP POST to https://token-validation-url/example:
security:
oauth2:
resource:
token-info-uri: https://token-validation-url/example
If I take the same token and try manually HTTP GET https://token-validation-url/example?otoken=xyz, it returns that it is valid.
How to specify otoken query param? Why server tries to validate token with HTTP POST instead HTTP GET?
Noticed that HTTP POST https://token-validation-url/example?otoken=xyz validates the same as GET so used:
security:
oauth2:
resource:
token-info-uri: https://token-validation-url/example
Just needed to set token name:
@SpringBootApplication
public class ExampleApplication {
public static void main(String[] args) {
ConfigurableApplicationContext context = SpringApplication.run(ExampleApplication.class, args);
RemoteTokenServices remoteTokenServices = context.getBean(RemoteTokenServices.class);
remoteTokenServices.setTokenName("otoken");
}
}
Other way to configure RemoteTokenServices: Configuring resource server with RemoteTokenServices in Spring Security Oauth2