0

I've been reading op on several Oauth2 guides and tutorials to figure out how to setup a Oauth2 security flow using Spring security (version 5.x). The flow itself is working correctly and I'm ending up with a JESSION cookie on my frontend application (Angular).

However, instead of using a jsessionid, I would like to use a token to authenticate with my backend. I've experimented a bit with sending my access token as bearer token but my SecurityContext remains emty. The only time when I actually get some values in my SecurityContext is when I pass the jsessionid as cookie in my request.

Is this a setting that can be toggled in Spring Security or do I need to write some custom code to pull this of?

Alexander Sels
  • 26
  • 3
  • 1
    Do you actually need that? The reason it's a cookie is because that's the most secure and also the simplest option. – Gabor Lengyel Jun 22 '22 at 07:43
  • To start with, do you have sessions disabled? see example here: https://stackoverflow.com/questions/2504590/how-can-i-use-spring-security-without-sessions – vladtkachuk Jun 23 '22 at 08:57
  • Have you checked this? [Spring REST API + OAuth2 + Angular](https://www.baeldung.com/rest-api-spring-oauth2-angular) – Eskandar Abedini Jun 28 '22 at 17:56

0 Answers0