Enable OAuth2 refresh token. #15424
generators/server/templates/src/main/resources/logback-spring.xml.ejs
Right, using filter is way better than what we did.
generators/server/files.js
@@ -1165,6 +1165,35 @@ const serverFiles = { | |||
templates: ['META-INF/services/reactor.blockhound.integration.BlockHoundIntegration'], | |||
}, | |||
], | |||
springBootOauth2: [ | |||
{ | |||
condition: generator => generator.authenticationType === 'oauth2' && generator.applicationType === 'monolith', |
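Review bot: In the `condition` of the new `springBootOauth2` entry, the check `generator.applicationType === 'monolith'` leaves every other application type that selects `oauth2` without these files. If that restriction is intentional, say so in a comment next to the condition; if not, drop or widen the `applicationType` test. The `'oauth2'` and `'monolith'` string literals would also be safer as shared constants, so that a typo cannot silently disable the block.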
constants?
@@ -999,7 +999,16 @@ public class UserService { | |||
}) | |||
<%_ } _%> | |||
.collect(Collectors.toSet())); | |||
return <% if (databaseType !== 'no' && !reactive) { %>new <%= asDto('AdminUser') %>(syncUserWithIdP(attributes, user))<% } else if (!reactive) { %>user<% } %><% if (databaseType === 'no' && reactive) { %>Mono.just(user)<% } else if (reactive) { %>syncUserWithIdP(attributes, user).flatMap(u -> Mono.just(new <%= asDto('AdminUser') %>(u)))<% } %>; | |||
|
|||
<%_ if (databaseType === 'no') { _%> |
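Review bot: On the `return` line, the reactive branch with a database uses `flatMap(u -> Mono.just(new <%= asDto('AdminUser') %>(u)))`, which is equivalent to `map(u -> new <%= asDto('AdminUser') %>(u))`; the simpler form drops the extra wrapper. The four `databaseType`/`reactive` combinations are also spread over two separate inline `if`/`else if` chains on one line, which makes it hard to confirm that exactly one expression is emitted per combination. One `<%_ if _%>` block per case, each with its own `return`, would make that reviewable.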
constants?
Everything looks good now: do you want me to merge it?
If it looks ok, then yes 😄.
We should add `offline_access` as a scope and configure Keycloak to return a refresh token by default.
private <%= reactivePrefix %>OAuth2AuthorizedClientService authorizedClientService; | ||
|
||
@Autowired | ||
private ClientRegistration clientRegistration; |
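Review bot: The `@Autowired private ClientRegistration clientRegistration;` field is resolved by type, so it depends on exactly one `ClientRegistration` bean being present in the context, and nothing in this hunk shows where that bean is defined. A second registration would make the injection ambiguous. Consider adding a qualifier, or a short comment naming the configuration that provides the bean.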
Indent 4 spaces
😃🤩✌️
@mraible in my tests At least our angular client, uses cookies, which expires and I think this makes |
We have React Native, Ionic, and Flutter support! 😊
I think we should have it enabled by default in dev mode, maybe not in production.
… On Jun 26, 2021, at 18:26, Marcelo Shima ***@***.***> wrote:
We should add offline_access as a scope and configure Keycloak to return a refresh token by default.
@mraible in my tests offline_access is not required to enable refresh tokens, it's already enabled by default.
At least our Angular client uses cookies, which expire, and I think this makes offline_access useless.
And we don't provide a mobile app, so IMO offline_access is not a sensible default.
@mraible offline access is achieved at Keycloak level, not spring-sec one right? Also, the claim is already configured on Keycloak side.
The client (Spring Security in this case) needs to pass in |
Fixes #15069.
Please make sure the below checklist is followed for Pull Requests.
When you are still working on the PR, consider converting it to Draft (below reviewers) and adding the `skip-ci` label; you can still see the CI build result at your branch.