search

spring-attic / spring-security-oauth

Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.
http://github.com/spring-projects/spring-security-oauth
Apache License 2.0
4.69k stars 4.04k forks source link

user A get the user B info by access_token #1559

Closed whucsfzf closed 4 years ago

whucsfzf commented 5 years ago

my system is based on springcloud Dalston.SR3, springboot 1.5.6.RELEASE, oauth2 When user login in, the auth server generate the access_token to the user. The token info is stored in the redis store. Then i found a strange thing, user A use A's access_token to access the web system, but get the user B's info。 The system architecture is : nginx -> zuul gateway -> app(->access auth to get user's info by access_token) What a terrible thing,help me to find the reason , thank you!

jgrandja commented 5 years ago

@whucsfzf It would be very helpful if you could provide a complete and minimal sample that reproduces the issue and share it via a GitHub repository. This will allow us to efficiently troubleshoot and help resolve the issue. The sample should contain the minimum amount of code to reproduce the issue along with detailed steps on how to reproduce. Please see the following references for what a complete and minimal sample should consist of.

After you provide this, I'll help resolve your issue.

whucsfzf commented 5 years ago

@whucsfzf It would be very helpful if you could provide a complete and minimal sample that reproduces the issue and share it via a GitHub repository. This will allow us to efficiently troubleshoot and help resolve the issue. The sample should contain the minimum amount of code to reproduce the issue along with detailed steps on how to reproduce. Please see the following references for what a complete and minimal sample should consist of.

After you provide this, I'll help resolve your issue.

Thank you for your help. It's hard to give a complete sample now, it is in a big project. Also the problem appear sometime. I will find the situation to reproduce the problem. Then provide the complete sample.It may cost some time.

jgrandja commented 5 years ago

@whucsfzf It's difficult to troubleshoot issues that are intermittent. I will wait for a sample from you that can reproduce the issue. Thanks.

jgrandja commented 4 years ago

@whucsfzf I'm closing this due to lack of feedback re: sample.