Disable redirect to oauth2/authorization/{registrationId} in oauth2 client flow in Spring Cloud Gateway


Is it possible to disable the redirect to oauth2/authorization/{registrationId} in the OAuth2 client flow? I have the following properties for the OAuth2 flow in Spring Cloud Gateway, but I didn't specify the URL oauth2/authorization/{registrationId} anywhere:

  security:
    oauth2:
      client:
        registration:
          smart_hub_client:
            provider: wso2is
            client-id: someid
            client-secret: somesecret
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/redirect_uri"
            scope: sso,openid
        provider:
          wso2is:
            authorization-uri: https://authserver/oauth2/authorize?loginPage=login.jsp
            token-uri: https://authserver.com/oauth2/token
            user-info-uri: https://authserver/oauth2/userinfo
            user-name-attribute: sub
            jwk-set-uri: https://authserver.com/oauth2/jwks


The Request URL from screenshot is here: https://myscgapp/oauth2/authorization/smart_hub_client

UPDATE: I have updated the configuration above to match my example. The main problem is that I have a redirect loop. Maybe disabling https://myscgapp/oauth2/authorization/smart_hub_client can help? Or is the root cause something else?

I have this redirect loop: [screenshot]

There is 1 answer

Eleftheria Stein-Kousathana

The OAuth2AuthorizationRequestRedirectFilter uses an OAuth2AuthorizationRequestResolver to initiate the Authorization Code grant flow by redirecting the end-user’s user-agent to the Authorization Server’s authorization endpoint.
The default implementation DefaultOAuth2AuthorizationRequestResolver matches on the (default) path /oauth2/authorization/{registrationId}.

You can customize this by providing a custom ServerOAuth2AuthorizationRequestResolver.

In the example below, the resolver will match on the path /auth/custom/sso/{registrationId} instead of /oauth2/authorization/{registrationId}.

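import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;

@Configuration // must be declared explicitly from Spring Security 6 on; harmless on 5.x
@EnableWebFluxSecurity
public class SecurityConfig {

    // Registrations built from spring.security.oauth2.client.registration.*
    @Autowired
    private ReactiveClientRegistrationRepository clientRegistrationRepository;

    @Bean
    SecurityWebFilterChain configure(ServerHttpSecurity http) {
        http
            .authorizeExchange(exchanges ->
                exchanges
                    .anyExchange().authenticated()
            )
            .oauth2Login(oauth2Login ->
                oauth2Login
                    // Replace the default resolver with one bound to the custom path
                    .authorizationRequestResolver(getAuthorizationRequestResolver()));
        return http.build();
    }

    // Same default resolver, but matching /auth/custom/sso/{registrationId}
    // instead of /oauth2/authorization/{registrationId}
    private ServerOAuth2AuthorizationRequestResolver getAuthorizationRequestResolver() {
        return new DefaultServerOAuth2AuthorizationRequestResolver(
                this.clientRegistrationRepository,
                new PathPatternParserServerWebExchangeMatcher(
                        "/auth/custom/sso/{registrationId}"));
    }
}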
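
Added example, not from the question or the answer above: the resolver only decides where the flow starts, while the authorization response is consumed by a separate matcher in reactive oauth2Login() that defaults to /login/oauth2/code/{registrationId}, so a registration with redirect-uri {baseUrl}/redirect_uri, as in the question, needs that matcher aligned as well. The class, bean and constant names are hypothetical, the start path is left at its default, and that this mismatch is behind the loop in the question is an assumption the page does not confirm.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;

// Hypothetical class name; illustrates aligning the callback matcher only.
@Configuration
@EnableWebFluxSecurity
public class CallbackPathSecurityConfig {

    // Must equal the path part of redirect-uri in the client registration
    // ("{baseUrl}/redirect_uri" in the question's properties). The same
    // absolute URL also has to be registered at the authorization server.
    static final String CALLBACK_PATH = "/redirect_uri";

    @Bean
    SecurityWebFilterChain callbackAlignedChain(ServerHttpSecurity http) {
        http
            .authorizeExchange(exchanges -> exchanges
                .anyExchange().authenticated())
            .oauth2Login(login -> login
                // Default matcher: /login/oauth2/code/{registrationId}.
                // If the provider sends the code to a path this matcher does
                // not cover, the login filter never consumes it, the request
                // stays unauthenticated and is redirected to start the flow
                // again.
                .authenticationMatcher(
                    new PathPatternParserServerWebExchangeMatcher(CALLBACK_PATH)));
        return http.build();
    }
}
```

When checking a loop of this kind, compare the path the authorization server redirects back to (visible in the browser's network trace) with the matcher configured here; the two must be identical.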