Spring boot security oauth2 get access_token from cookie
I'm currently implementing the authentication between several Spring Boot applications. At the moment, the JWT access token is sent in the Authorization header and it is picked up by the resource server. However, I would like to use HttpOnly cookies to send the tokens and was wondering how you configure Spring Boot to get the token from cookies instead of the headers.
I should mention that I'm using the spring-security-oauth2 and spring-security-jwt libraries.
Thank you!
Why do you want to use the cookie instead of the HTTP Authorization header (bearer)? You probably want to send the token only with API calls, not every request (cookies).
– Ján Halaša
Jan 25 '18 at 15:10
I've been reading articles on JWT tokens and most of them recommend storing the token in an httpOnly cookie, as it can't be accessed through JS and is more secure. What do you think?
– ionutt93
Jan 25 '18 at 16:09
I don't think this is a good approach, but why did you do that?
– Mithat Konuk
Sep 6 '18 at 6:22
1 Answer
1
Managed to get the token from the cookies by creating my custom TokenExtractor and passing that in the configuration class (the one with @EnableResourceServer) like the following:
public void configure(ResourceServerSecurityConfigurer resources) {
    resources.tokenExtractor(new CustomTokenExtractor());
}
Hi, I'm quite new to the Spring Boot framework, so I don't really know where to start to be honest :). I've set up a configuration class (following a tutorial) which configures the httpSecurity and tokenServices. But I don't know at which point the token gets extracted from the request.
– ionutt93
Jan 25 '18 at 14:21
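The answer above names a CustomTokenExtractor but does not show it. One way such a class could look with spring-security-oauth2, as an added example that is not the answerer's code; the cookie name `access_token` is an assumption and must match whatever the issuing side sets:

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.authentication.TokenExtractor;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

// Illustrative implementation (assumption): reads the access token from a cookie
// instead of the Authorization header.
public class CustomTokenExtractor implements TokenExtractor {

    // Assumed cookie name; not taken from the original post.
    private static final String COOKIE_NAME = "access_token";

    @Override
    public Authentication extract(HttpServletRequest request) {
        String token = readTokenCookie(request);
        if (token == null) {
            // No token found: returning null leaves the request unauthenticated,
            // so the usual access rules reject it for protected resources.
            return null;
        }
        // Same shape that BearerTokenExtractor produces: the raw token value as
        // principal. The resource server validates the token afterwards; this
        // class only locates it in the request.
        return new PreAuthenticatedAuthenticationToken(token, "");
    }

    private String readTokenCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies(); // null when the request has no cookies
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            String value = cookie.getValue();
            if (COOKIE_NAME.equals(cookie.getName()) && value != null && !value.isEmpty()) {
                return value;
            }
        }
        return null;
    }
}
```

Because the browser attaches the cookie to every request for the site, including ones triggered from other origins, a cookie-borne token needs CSRF protection (for example a `SameSite` cookie attribute or a CSRF token) that the header-based flow did not. The issuing side should also set the cookie with `HttpOnly` and `Secure`.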