October 21, 2024
java

Spring 6 OAuth 2.0 – No Refresh Token


I got stuck with the OAuth 2.0 server in Spring 6 / Spring Boot 3.

I built an AuthServer and a ResourceServer.

With my JS client I can log in, get an auth code, and then exchange this code for the access token, and here begins the dilemma.

I get a JSON object with:

access_token
scope
id_token
token_type
expires_in

access_token: "eyJraWQiOiI5NWE0MTU3Mi1iNDYxLTQ0NDctYjZkNy00MTg2ZWY0NTE1OTciLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJiZW4iLCJhdWQiOiJjbGllbnQiLCJuYmYiOjE3MjkxNTMxMzQsInNjb3BlIjpbInVzZXIucmVhZCIsIm9wZW5pZCIsIm9mZmxpbmVfYWNjZXNzIl0sImlzcyI6Imh0dHA6Ly8xMjcuMC4wLjE6ODA4MCIsImV4cCI6MTcyOTE1MzQzNCwiaWF0IjoxNzI5MTUzMTM0LCJqdGkiOiI4MTIzZjI5Ni0zNTE5LTQwOTgtYWU2NS1hN2FmMDhhMGE0NTIifQ.Y-FGu2CvwC3j3_w2QfF4UMDN8GekXdhGH2F_KVxaCxlJgx5tlcf-XTsN6396R5SZr4qGOGs3eeBi5CL6nJPIcfk92uju1N1KgzsbsHpIcWZZANO2QRbBaCIXn0mO2nxHOWR8N77R5m_ST2bhXOP8vLmM68Q1I3-NzOEkQM9X8mSi8ve3JBOHGVjD1pyyyinxLtNpFdnJVVexnnmDHRBOpEaivqBi3mSWN6lfLovOTqUsAVVKPtMjuaxHFFmvfeSHp328w-JuGTsVd4Irisc2UF44bZ2fRG0vSTVWFVODemvanwkfurJ-8GhPbnvnsxhCDhw-UQ-iLkwFXcOmjhAD6Q"
expires_in: 299
id_token: "eyJraWQiOiI5NWE0MTU3Mi1iNDYxLTQ0NDctYjZkNy00MTg2ZWY0NTE1OTciLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJiZW4iLCJhdWQiOiJjbGllbnQiLCJhenAiOiJjbGllbnQiLCJhdXRoX3RpbWUiOjE3MjkxNTMxMzMsImlzcyI6Imh0dHA6Ly8xMjcuMC4wLjE6ODA4MCIsImV4cCI6MTcyOTE1NDkzNCwiaWF0IjoxNzI5MTUzMTM0LCJqdGkiOiIxZjVlNzI4NC01ZjcyLTQxZmEtYWE4MS1kOTkwMGZjYjg1YmEiLCJzaWQiOiJMVUpCYlU1OWgxa290NGRsWmxadFJOZk96dE5QaEFOQWdQbWw0a2RLdWlNIn0.VqqlS1J1zLL79PVvvKujJOMDIKJkZQtzgspLYDZlM7FXZk2q02xFYrUE1X2YIg_5aAR2KDYspHlcpXarnxr6CQPNmjDdzqdYBsoehnXYJYkpw9tdmqy3qCkkywtaRrTwNxryFgAyJ6wl2bf_2nZpny2WIItTa2YFsahpZ3tTc6ezka4Nd5_aWQnlgl2fcRhNY_HPyLSDpoXtjlYX-IUNIr9ghoMPCU5koDzHQ1tUIbcZQevoJx84RXinjfIJJmIosBgdrGun0Z847OeE0Fw3YmNN5gC8CBT-8Rab5Irmsz5msF2P3ixMNBK9uilVhfhSbEzMTuA_rXnEhz4zq7zXiA"
scope: "user.read openid offline_access"
token_type: "Bearer"

There isn't any refresh_token, but according to the guides this token should come with the rest.

So I can't get a fresh access_token after the 300 seconds. And refreshing the browser every 5 minutes is not an option.

Maybe someone has run into the same problem, solved it, and could help me, please?

I tried following the official guide, watching YouTube, and asking AI.

I included the offline_access scope and the refresh_token grant type in the application.properties.

spring.application.name=authorizationserver
server.port=8080

spring.security.oauth2.authorizationserver.client.client-1.registration.client-id=client
#spring.security.oauth2.authorizationserver.client.client-1.registration.client-secret={bcrypt}$2a$12$qew6z2l8LLQQeTRxqZekHOlT0jPtyrosuHtskyQBZiFOUaxXAgpIC
#spring.security.oauth2.authorizationserver.client.client-1.registration.client-authentication-methods=client_secret_basic
spring.security.oauth2.authorizationserver.client.client-1.registration.client-authentication-methods=none
spring.security.oauth2.authorizationserver.client.client-1.registration.authorization-grant-types=authorization_code,refresh_token
#spring.security.oauth2.authorizationserver.client.client-1.registration.redirect-uris=http://127.0.0.1:8082/login/oauth2/code/spring
spring.security.oauth2.authorizationserver.client.client-1.registration.redirect-uris=http://127.0.0.1:5173/callback

# not working whether with or without client.client-1
spring.security.oauth2.authorizationserver.client.client-1.token.refresh-token.enabled=true

spring.security.oauth2.authorizationserver.client.client-1.registration.scopes=user.read,user.write,openid,offline_access
spring.security.oauth2.authorizationserver.client.client-1.require-authorization-consent=true
logging.level.org.springframework.security=DEBUG

It seems that the problem is not very common, since I can't find any solution.
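
A client-side check for the situation in the question, as an added example that is not part of the original post: it reads the registration properties and reports why a token response carries no refresh_token. It relies on the documented Spring Authorization Server behaviour that refresh tokens are not issued to public clients (client-authentication-methods=none); the function names and sample values are constructed for illustration.

```javascript
// Added example, not from the original post. Explains a token response that
// lacks refresh_token by inspecting the client registration properties.
const PREFIX = 'spring.security.oauth2.authorizationserver.client.';

// Parse .properties text into { clientKey: { 'registration.scopes': [...] } }.
function parseClients(text) {
  const clients = {};
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line.startsWith(PREFIX)) continue; // drops '#' comments and blanks too
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    const [key, ...rest] = line.slice(PREFIX.length, eq).split('.');
    clients[key] = clients[key] || {};
    clients[key][rest.join('.')] = line.slice(eq + 1).split(',').map((s) => s.trim());
  }
  return clients;
}

// Returns reasons why no refresh token was issued (empty if one is present).
function diagnose(propsText, clientKey, tokenResponse) {
  if ('refresh_token' in tokenResponse) return [];
  const reg = parseClients(propsText)[clientKey] || {};
  const grants = reg['registration.authorization-grant-types'] || [];
  const methods = reg['registration.client-authentication-methods'] || [];
  const findings = [];
  if (!grants.includes('refresh_token')) {
    findings.push('refresh_token grant type is not registered for this client');
  }
  // Assumption named in the lead-in: public clients get no refresh token.
  if (methods.length > 0 && methods.every((m) => m === 'none')) {
    findings.push('public client (client-authentication-methods=none): no refresh token is issued');
  }
  return findings;
}

// Constructed sample: registration lines from the question, token values
// replaced by placeholders.
const SAMPLE_PROPS = [
  '#' + PREFIX + 'client-1.registration.client-authentication-methods=client_secret_basic',
  PREFIX + 'client-1.registration.client-authentication-methods=none',
  PREFIX + 'client-1.registration.authorization-grant-types=authorization_code,refresh_token',
  PREFIX + 'client-1.registration.scopes=user.read,user.write,openid,offline_access',
].join('\n');
const SAMPLE_RESPONSE = { access_token: '<placeholder>', id_token: '<placeholder>',
  scope: 'user.read openid offline_access', token_type: 'Bearer', expires_in: 299 };

console.log(diagnose(SAMPLE_PROPS, 'client-1', SAMPLE_RESPONSE));
```

The Spring Authorization Server how-to for single-page applications recommends the backend-for-frontend pattern as the alternative to a public client.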


