Spring OAuth2 authentication with token

Question

I have this SpringBoot app, which uses the OAuth2 login via Google. And it works just fine on it's own.

However, I'm trying to connect it with my React frontend and thus: trying to develop the exchange of tokens.

SecurityConfig

http.cors()
      .and()
      .authorizeRequests()
      .antMatchers(HttpMethod.GET, "/oauth/**")
      .authenticated()
      .anyRequest()
      .permitAll()
      .and()
      .oauth2Login();

Now, I'm obtaining the token this way:

OAuth2AuthorizedClient client = authorizedClientService.loadAuthorizedClient(authentication.getAuthorizedClientRegistrationId(), authentication.getName());
String token = client.getAccessToken().getTokenValue();

and send it to my React client.

The question is: how to receive and interpret the authorization token at SpringBoot app? Right now it's giving me a CORS issue as soon as I attach the Authoriation header...

score 0 · Answer 1 · answered Feb 09 '21 at 10:27

0

you have to configure the allowed CORS requests in your spring boot app or serve your react frontend from the same domain.

personally ive always done the second option, with the spring boot app serving the react bundle on some url (e.g. /static/js/).

answered Feb 09 '21 at 10:27

murphy1312

553
9
18

No, it's not that simple. I have CORS enabled of course... – k-wasilewski Feb 09 '21 at 10:31
Is it an OPTIONS request that is blocked? – murphy1312 Feb 09 '21 at 12:58
disable the security for the preflight request - e.g. https://stackoverflow.com/a/26848692/5885758 – murphy1312 Feb 09 '21 at 14:16
Man, I'm telling you it's not that simple! It's google endpoint that's blocking me.. – k-wasilewski Feb 09 '21 at 16:14

Spring OAuth2 authentication with token

1 Answers1