I know how to implement basic OAuth. My problem is that if I make a simple security filter like:
```java
import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Bean
public SecurityFilterChain configure(HttpSecurity http) throws Exception {
    http
        // every request must be authenticated ...
        .authorizeHttpRequests(authorize -> authorize
            .anyRequest().authenticated()
        )
        // ... and unauthenticated requests are redirected to the provider's login page
        .oauth2Login(withDefaults());
    return http.build();
}
```
Then I can address @GetMappings in my browser and get prompted with an OAuth login screen and log in there, but I can’t address a PostMapping or GetMapping in Postman, because it doesn’t redirect to a login screen (you get the HTML for the login screen as the ResponseBody in Postman).
I can get a valid access token from Auth0 via ‘https://{yourDomain}/oauth/token’, but if I simply pass that JWT along as a “Bearer token” in Postman, it doesn’t work. It still shows me the login-screen HTML in the response body.
It seems to me there are two things I can do:
- Make sure Postman bypasses the login screen. I maybe don’t really want to do that, since I want my backend and frontend to communicate their security through JWT. Or else I have to convince other people (from a different department) to change the way they implement frontend security, which is a pain for everyone. (If it needs to happen, it needs to happen though.)
- Make sure the backend parses the JWT somehow. Maybe an extra Filter that checks the JWT’s validity with the provider? I’m not sure how to tackle this.
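One way to cover both cases the post describes, as an added example that is not code from the original post: keep `oauth2Login` for the browser and add Spring Security's resource-server support, so a request that carries `Authorization: Bearer <jwt>` is validated locally (signature against the issuer's JWKS, issuer, expiry) instead of being redirected. The property names `app.auth0.issuer-uri` and `app.auth0.audience`, the class name `SecurityConfig` and the Spring Security 6 API are assumptions; the audience check is added explicitly because Spring's default validator does not check it.

```java
import static org.springframework.security.config.Customizer.withDefaults;

import java.util.Collection;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {
    // Assumed property names (placeholders): the Auth0 tenant issuer, e.g. https://{yourDomain}/,
    // and the API identifier the access token must be minted for.
    @Value("${app.auth0.issuer-uri}") private String issuerUri;
    @Value("${app.auth0.audience}") private String audience;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
            // Browser traffic without a token: redirect to the provider's login page.
            .oauth2Login(withDefaults())
            // Requests with "Authorization: Bearer <jwt>": authenticate from the JWT itself;
            // no extra filter is needed, the decoder below does the validation.
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.decoder(jwtDecoder())));
        return http.build();
    }

    @Bean
    public JwtDecoder jwtDecoder() {
        // Fetches the JWKS from the issuer's discovery document and checks signature + timestamps.
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(issuerUri);
        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(issuerUri);
        // Not checked by default: without this, a token minted for another API on the same
        // tenant would be accepted by this backend.
        OAuth2TokenValidator<Jwt> withAudience = new JwtClaimValidator<Collection<String>>(
                JwtClaimNames.AUD, aud -> aud != null && aud.contains(audience));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(withIssuer, withAudience));
        return decoder;
    }
}
```

With both configured, Spring Security answers a request that carries a Bearer header with a 401 or 403 status instead of the login redirect, so Postman sees a status code rather than login HTML. The token must be requested from Auth0's `/oauth/token` with an `audience` parameter matching that API identifier; without it Auth0 issues an opaque token that this decoder cannot validate.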
@jgrim@discuss.online, any thoughts on OP’s Spring Boot issue?