Username change in token OAUTH2


Viewed 67 times

0

I have a REST API in Spring with OAuth2. My doubt is the following: is it possible to change the username that is written in the token of each OAuth2 session? My problem, basically, is that, to facilitate support, the admin user manages to change user at any time.

1 answer

1


It is not possible, nor should it be done that way.

The token generated by the authorization server is immutable: it is signed, and any change in its content will invalidate it.

Anyway, this violates the authorization standard proposed by the OAuth2 framework: when accessing other users' resources, they should be aware that this access is being made and authorize their account to perform it.

Maybe the Grant Type that you are using is not the most suitable for your problem.

  • Do you know any way I could do that? Maybe a master password or something like that.

  • Ideally you would have an admin user, and authenticate using this user. System features should allow this user to check other users' data.

  • As I really needed this function in view of the easier customer service, what I did was this: I have a routine to get the logged-in user, and I made another routine which, based on the token created for the admin, points him to another user. Thanks for the help and the tips, hug.
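
An added illustration, not part of the original answer or comments: it assumes the access token is an HS256-signed JWT carrying `user_name` and `authorities` claims, and the key, claim values and function names are constructed for the example. It shows an edited username failing signature verification, and a server-side alternative in line with the admin-user suggestion above, where the admin keeps their own token and the target user is resolved after an authority check.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-signing-key"  # assumption: HS256 key held only by the authorization server

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes = KEY) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(mac)}"

def verify(token: str, key: bytes = KEY) -> dict:
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            raise ValueError("signature mismatch")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        return json.loads(b64url_decode(payload))
    except (ValueError, TypeError) as exc:
        raise PermissionError(f"token rejected: {exc}")

def rewrite_username(token: str, new_name: str) -> str:
    """What the question asks for: edit the claim, keep the old signature."""
    header, payload, sig = token.split(".")
    claims = json.loads(b64url_decode(payload))
    claims["user_name"] = new_name
    return f"{header}.{b64url(json.dumps(claims).encode())}.{sig}"

def effective_user(token: str, on_behalf_of=None) -> dict:
    """Server-side alternative: the token stays the admin's; the target user is a request parameter."""
    claims = verify(token)
    if on_behalf_of is None:
        return {"user": claims["user_name"], "actor": claims["user_name"]}
    if "ROLE_ADMIN" not in claims.get("authorities", []):
        raise PermissionError("only an admin may act for another user")
    return {"user": on_behalf_of, "actor": claims["user_name"]}  # actor kept for audit
```

Recording `actor` alongside `user` keeps the admin's own identity in the audit trail for every request made on another user's behalf.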
