OAuth2 - Change Password Password in Spring Security

Question

OAuth2 - Change Password Password in Spring Security

I am implementing OAuth2 for my REST service (password type) using the Spring Security Module. I am using postgreSQL as my Token Store. Everything works fine, but I need to add the ability to change the user password. If the user changes his password, the old token must be deleted / forgotten.

I implement this function using the JdbcTokenStore Spring service:

public void updatePassword(User user, String newPassword) { ... // Update password in database clearUserTokens(user.getUsername()); } private void clearUserTokens(String userName) { Collection<OAuth2AccessToken> tokens = jdbcTokenStore.findTokensByUserName(userName); tokens.stream().forEach(jdbcTokenStore::removeAccessToken); }

Is this approach right? Is there any standard way to deal with such situations?

+3

java spring security spring-security oauth-2.0

IgorekPotworek Oct 19 '15 at 10:11

source share

No one has answered this question yet.

See similar questions:

8

Does it make sense to store JWT in a database?

or similar:

3156

Why is char [] preferred over String for passwords?

1873

What is the difference between @Component, @Repository and @Service annotations in Spring?

1695

How to use java.net.URLConnection to start and process HTTP requests

1059

Safe hash and salt for PHP passwords

fifteen

Spring oauth2 security and form login configuration

14

Using scopes in the Spring role OAuth2 Security (provider)

0

Hide password in Oauth2 Token URL

0

Spring Rest API Oauth2 Security

0

Oauth2 spring security for spring site

-one

How do you use passwordless provisioning type in Spring Security Oauth2?

OAuth2 - Change Password Password in Spring Security

More articles: