Enable OAuth2 refresh token. #15424
Enable OAuth2 refresh token. #15424
Conversation
generators/server/templates/src/main/resources/logback-spring.xml.ejs
Outdated
Show resolved
Hide resolved
mshima
force-pushed
the
skip_ci-oauth2_refresh
branch
from
f579884
to
25190a9
Compare
mshima
force-pushed
the
skip_ci-oauth2_refresh
branch
from
25190a9
to
061746b
Compare
mshima
force-pushed
the
skip_ci-oauth2_refresh
branch
from
061746b
to
f241ee3
Compare
mshima
changed the title
|
Right, using filter is way better than what we did. |
generators/server/files.js
Outdated
| @@ -1165,6 +1165,35 @@ const serverFiles = { | |||
| templates: ['META-INF/services/reactor.blockhound.integration.BlockHoundIntegration'], | |||
| }, | |||
| ], | |||
| springBootOauth2: [ | |||
| { | |||
| condition: generator => generator.authenticationType === 'oauth2' && generator.applicationType === 'monolith', | |||
| @@ -999,7 +999,16 @@ public class UserService { | |||
| }) | |||
| <%_ } _%> | |||
| .collect(Collectors.toSet())); | |||
| return <% if (databaseType !== 'no' && !reactive) { %>new <%= asDto('AdminUser') %>(syncUserWithIdP(attributes, user))<% } else if (!reactive) { %>user<% } %><% if (databaseType === 'no' && reactive) { %>Mono.just(user)<% } else if (reactive) { %>syncUserWithIdP(attributes, user).flatMap(u -> Mono.just(new <%= asDto('AdminUser') %>(u)))<% } %>; | |||
|
|
|||
| <%_ if (databaseType === 'no') { _%> | |||
|
Everything looks good now: do you want I merge it? |
If it looks ok, then yes 😄. |
| private <%= reactivePrefix %>OAuth2AuthorizedClientService authorizedClientService; | ||
|
|
||
| @Autowired | ||
| private ClientRegistration clientRegistration; |
@mraible in my tests At least our angular client, uses cookies, which expires and I think this makes |
|
We have React Native, Ionic, and Flutter support! 😊
I think we should have it enabled by default in dev mode, maybe not in production.
… On Jun 26, 2021, at 18:26, Marcelo Shima ***@***.***> wrote:
We should add offline_access as a scope and configure Keycloak to return a refresh token by default.
@mraible in my tests offline_access is not required to enable refresh tokens, it's already enabled by default.
At least our angular client, uses cookies, which expires and I think this makes offline_access useless.
And we don't provide a mobile app, so IMO offline_access is not a sensible default.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
@mraible offline access is achieved at Keycloak level, not spring-sec one right? Also, the claim is already configured on keycloak side. |
|
The client (Spring Security in this case) needs to pass in |
Fixes #15069.
Please make sure the below checklist is followed for Pull Requests.
When you are still working on the PR, consider converting it to Draft (bellow reviewers) and adding
skip-cilabel, you can still see CI build result at your branch.