This repository has been archived by the owner on Apr 5, 2022. It is now read-only.

Support for Google oauth, bearer header is only in small letters. #63

Closed
patrykpacewicz opened this issue May 4, 2015 · 10 comments

@patrykpacewicz

Hi,
I am trying to connect Spring Cloud Security and Google OAuth. Spring Security works nicely because it allows me to use OAuth authentication by configuration only, but Google does not support the Spring way of sending a header bearer in small letters.

In such a case, is there a possibility to connect:

  • spring-cloud-security
  • spring-security-oauth2
  • @EnableOAuth2Sso
  • Bearer with a capital letter?

Below is a prepared example where I was able to get most parts connected.
The remaining part to get a fully functional outcome is a 'Bearer' with a capital letter.

    compile 'org.springframework.boot:spring-boot-starter-web:1.2.3.RELEASE'
    compile 'org.springframework.boot:spring-boot-starter-security:1.2.3.RELEASE'
    compile 'org.springframework.cloud:spring-cloud-security:1.0.1.RELEASE'
    compile 'org.springframework.security.oauth:spring-security-oauth2:2.0.7.RELEASE'

    @SpringBootApplication
    @EnableOAuth2Sso
    @Controller
    class Application {
        static void main(String... args) {
            SpringApplication.run(Application, args);
        }

        @RequestMapping('/')
        @ResponseBody
        String home() {
            'Hello World'
        }
    }

    spring:
      oauth2:
        client:
          clientId: XXXXXXXXXXXXXXXXXXX
          clientSecret: YYYYYYYYYYYYYYYYYY
          accessTokenUri: https://www.googleapis.com/oauth2/v3/token
          userAuthorizationUri: https://accounts.google.com/o/oauth2/auth
          clientAuthenticationScheme: query
          scope:
            - profile
        resource:
          userInfoUri: https://www.googleapis.com/plus/v1/people/me
          preferTokenInfo: false

So how do you feel about the possibility of setting up a bearer header by configuration (e.g. via a file)?
It seems to me that this type of change would open spring-cloud-security up to other tools like Google OAuth.

@dsyer
Contributor

dsyer commented May 6, 2015

We could certainly open that up to a configuration property. Currently you have to set a custom authenticator in the OAuth2RestTemplate (by grabbing the bean with id "userInfoRestTemplate" and manipulating it in a @PostConstruct for instance).

@brycebudd

@dsyer I am new to spring. Is there any example I can reference for how to access and change the header from "bearer to Bearer"?

@dsyer
Contributor

dsyer commented May 13, 2015

I'm not aware of any such example. You can easily find out about @Autowired and @PostConstruct from any resource that you find on basic Spring stuff. Once you have the OAuth2RestTemplate you can just call its setters and getters.

@brycebudd

Thanks for your reply. I have figured it out now. I appreciate your advice & assistance.

@ryanjbaxter
Contributor

Sounds like you figured out how to do this but in any case this is how I did it (in my case for Facebook but I believe Google has the same problem)

Create a class which extends DefaultOAuth2RequestAuthenticator and override the authenticate method

    @Override
    public void authenticate(OAuth2ProtectedResourceDetails resource,
            OAuth2ClientContext clientContext, ClientHttpRequest request) {
      OAuth2AccessToken accessToken = clientContext.getAccessToken();
      String tokenType = OAuth2AccessToken.BEARER_TYPE;
      request.getHeaders().set("Authorization", String.format("%s %s", tokenType, accessToken.getValue()));
    }

Then create another class which implements UserInfoRestTemplateCustomizer and implement the customize method

    @Override
    public void customize(OAuth2RestTemplate template) {
      template.setAuthenticator(new NewOAuth2RequestAuthenticator());
    }

Finally create a bean for your new UserInfoRestTemplateCustomizer and it should work.
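
An added example, not part of the original thread or the project's code: the @PostConstruct route @dsyer describes, with an authenticator that rewrites only case variants of "bearer" and throws when no token is present. Unlike the override above, which always writes Bearer, it leaves any other token type unchanged. The class names `BearerHeaderConfig` and `CaseNormalizingAuthenticator` are hypothetical; the bean id "userInfoRestTemplate" is the one named in the thread.

```java
import javax.annotation.PostConstruct;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RequestAuthenticator;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.http.AccessTokenRequiredException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.util.StringUtils;

@Configuration
public class BearerHeaderConfig { // hypothetical class name

    // Bean id taken from the thread; assumed to be an OAuth2RestTemplate.
    @Autowired
    @Qualifier("userInfoRestTemplate")
    private OAuth2RestTemplate userInfoRestTemplate;

    @PostConstruct
    public void installAuthenticator() {
        userInfoRestTemplate.setAuthenticator(new CaseNormalizingAuthenticator());
    }

    /** Hypothetical authenticator: normalizes only the case of "bearer". */
    static class CaseNormalizingAuthenticator implements OAuth2RequestAuthenticator {
        @Override
        public void authenticate(OAuth2ProtectedResourceDetails resource,
                OAuth2ClientContext clientContext, ClientHttpRequest request) {
            OAuth2AccessToken accessToken = clientContext.getAccessToken();
            if (accessToken == null) {
                // Fail closed instead of sending a header without a token.
                throw new AccessTokenRequiredException(resource);
            }
            String tokenType = accessToken.getTokenType();
            // A missing type or any case variant of "bearer" becomes "Bearer";
            // every other token type is passed through as issued.
            if (!StringUtils.hasText(tokenType)
                    || OAuth2AccessToken.BEARER_TYPE.equalsIgnoreCase(tokenType)) {
                tokenType = OAuth2AccessToken.BEARER_TYPE;
            }
            request.getHeaders().set("Authorization",
                    String.format("%s %s", tokenType, accessToken.getValue()));
        }
    }
}
```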

@brycebudd

Thanks so much for your guidance @ryanjbaxter! My solution is exactly as you describe. I appreciate the validation. Hopefully this helps others who are learning as well.

@ryanjbaxter
Contributor

No problem. The credit should go to @dsyer who helped me implement it originally :)

@dsyer
Contributor

dsyer commented May 13, 2015

...and then forgot completely about it. Ah well. Thanks, Ryan.

@ryanjbaxter
Contributor

NP, saw the email and knew exactly when the problem was (for once!)

@nicodewet

This thread is also relevant to WSO2 Identity Server (WSO2 IS) integration, i.e. you'll need to do the same thing. See this class (looks like the relevant WSO2 class). Relevant artifacts in my case are WSO2 IS 5.0.0 and spring-security-oauth2 2.0.8. If you don't do this then you'll bang your head against the "Bearer token missing" message (which, irrespective of whether it may be protocol compliant, is not helpful in my mind).

jannikweichert pushed a commit to jannikweichert/spring-cloud-security that referenced this issue Aug 4, 2017
User can set spring.oauth2.resource.tokentype=foo (Bearer is
the default). This makes it easier to use SSO with Google
and Facebook.

Fixes spring-atticgh-63