Skip to content

Limit a client to a specific resource server #1033

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
zxuanhong opened this issue Jan 3, 2023 · 2 comments
Closed

Limit a client to a specific resource server #1033

zxuanhong opened this issue Jan 3, 2023 · 2 comments
Assignees
@jgrandja
Labels
for: stackoverflow A question that's better suited to stackoverflow.com

Comments

@zxuanhong
Copy link

Expected Behavior

@OverRide
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
ClientDetailsServiceBuilder.ClientBuilder clientBuilder = clients
.inMemory()
.withClient("client1")
.resourceIds("resourceServer1")
...

Context

  1. How to configure a resource id for a resource server
  2. Client management How to store the resource ids authorized by the current client id(The old authorization management had this field)

image
@zxuanhong zxuanhong added the type: enhancement A general enhancement label Jan 3, 2023
@jgrandja
Copy link
Collaborator

jgrandja commented Jan 4, 2023

@Zxiaozhou Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it).

Please see OAuth2TokenCustomizer as it allows you to add custom claims in the Jwt, e.g. resource_id.

You can store the resource_id's for each client in RegisteredClient.clientSettings.

@jgrandja jgrandja closed this as completed Jan 4, 2023
@jgrandja jgrandja self-assigned this Jan 4, 2023
@jgrandja jgrandja added for: stackoverflow A question that's better suited to stackoverflow.com and removed type: enhancement A general enhancement labels Jan 4, 2023
@jgrandja jgrandja changed the title Spring Authorization server - limit a client to a specific resource server Limit a client to a specific resource server Jan 4, 2023
@jgrandja
Copy link
Collaborator

jgrandja commented Jan 4, 2023

Related gh-279

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jgrandja jgrandja

Labels
for: stackoverflow A question that's better suited to stackoverflow.com
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jgrandja @zxuanhong