How can I configure a Grails application using the Spring Security Rest plugin to authenticate with Amazon Cognito?


I am attempting to use the OAuth capability in the Spring Security Rest plugin to authenticate with Amazon Cognito.

The plugin supports many OAuth providers out of the box (Google, Facebook, CAS, etc.).

However, in the "Delegating authentication to OAuth providers" section of the documentation it states: "To support OAuth, this plugin uses Profile & Authentication Client for Java. So you can use any OAuth 2.0 provider they support."

Then it says: "This includes at the time of writing: Dropbox, Facebook, GitHub, Google, LinkedIn, Windows Live, Wordpress, Yahoo, Paypal".

However, the pac4j site indicates that there is also a generic OidcClient available, so I tried to use that with the following configuration:

grails.plugin.springsecurity.rest.oauth.frontendCallbackUrl =
        { String tokenValue -> "http://localhost:9090/welcome#token=${tokenValue}" }
grails.plugin.springsecurity.rest.oauth.cognito.client = org.pac4j.oauth.client.OidcClient
grails.plugin.springsecurity.rest.oauth.cognito.key = '4jclknh5oq4fvdqvj6pm0o0qkr'
grails.plugin.springsecurity.rest.oauth.cognito.secret = '<secret>'
grails.plugin.springsecurity.rest.oauth.cognito.scope = "email,openid,phone"

But navigation to the URL specified in the documentation - http://localhost:9090/oauth/authenticate/cognito - yields a 404 error.

My basic question is: am I correct in thinking the OidcClient client should work? Perhaps the pac4j included in the plugin is a version without the OidcClient.

If the OidcClient is available, is there some other configuration I also need to add?

If it's not available, is the best approach to write my own provider?

Environment:
Grails 5.2.5
spring-security-core 4.0.3
spring-security-rest 3.0.1
