In my Spring Boot project, I'm using the 'spring-cloud-starter-oauth2' dependency to enable OAuth security using JWT tokens. The dependency exposes two endpoints for /oauth/token with GET and POST options. How do I disable the GET endpoint and only keep the POST option? My Swagger UI shows both GET and POST endpoints and that's how I noticed it.
1
votes
What is your problem with the 'GET' endpoint? Why do you want to disable it?
- dur
It's a requirement my company asked for. They just want the POST endpoint for /oauth/token. I tried fiddling with AuthorizationServerEndpointsConfigurer but it doesn't expose any functionality to disable an endpoint.
- pumpedup bro
AFAIK it is not possible. You would write your own OAuth2 implementation (for example, fork the Spring Security OAuth2 project on GitHub).
- dur
1 Answer
0
votes
You can explicitly allow only POST method on the /oauth/token endpoint with the following config:
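    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

    @Configuration
    @EnableAuthorizationServer
    public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
            // Accept token requests over POST only
            endpoints.allowedTokenEndpointRequestMethods(HttpMethod.POST);
        }
    }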