Spring Boot OAuth2 Single Sign Off -


i'm considering use oauth2 application. architecture i'm trying implement follows:

  • i have own (and this) authorization server
  • some resource apps validating access resources using authorization server
  • some client apps (web, mobile) redirect user authorization server authentication , on success consume api's on resource apps.

so far have managed implement interaction between 3 basic apps (1 auth server, 1 resource server , 1 client). thing don't working logout functionality. have read of "notoriously tricky problem" dave syer describes in tutorial, in case need user re-login after loging out. have tried giving few seconds access token , refresh token, instead of being prompted login again when expiration arrives, i'm getting npe on client app. have tried solutions proposed in post remove token token store, doesn't work. single sign off me desirable behaviour implementation. how can achieve using spring boot oauth2. if not possible reason, alternatives use implement centralized security using spring boot?

thanks in advance.

after lot of tests have realized can solved simple redirect:

  • in client app (websecurityconfigureradapter):

    @override protected void configure(httpsecurity http) throws exception {     http             .logout()             .logoutsuccessurl("http://your-auth-server/exit"); } 
  • in authorization server:

    @controller public class logoutcontroller {      @requestmapping("/exit")     public void exit(httpservletrequest request, httpservletresponse response) {         // token can revoked here if needed         new securitycontextlogouthandler().logout(request, null, null);         try {             //sending client app             response.sendredirect(request.getheader("referer"));         } catch (ioexception e) {             e.printstacktrace();         }     } } 

i have posted sample app on github full example of implementation.


Comments

Popular posts from this blog

javascript - Clear button on addentry page doesn't work -

c# - Selenium Authentication Popup preventing driver close or quit -

tensorflow when input_data MNIST_data , zlib.error: Error -3 while decompressing: invalid block type -