How to generate Client Secret in OAuth2 Authentication using Spring

I am working on creating api for OAuth2 using Spring for my application but there is nothing written in the specification (http://tools.ietf.org/html/rfc6749) nor in Spring OAuth2 Documentation about how to generate client secret.

Do anyone have any idea?

Answer

Spring uses PasswordEncoder for decoding/encoding clients secrets. See the JdbcClientDetailsService (if you’re planning to store client details in DB).

So when configuring beans for Spring OAuth2 you typically provide an instance of PasswordEncoder for the ClientDetailsService.

Typical case is to use the BCryptPasswordEncoder. So before putting encoded client secret into database column you can write a sample program to generate it:

String password = "testPassword";
PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String encodedPassword = passwordEncoder.encode(password);

Leave a Reply

Your email address will not be published. Required fields are marked *