We have an authorization server that is used by multiple clients. A few clients want to generate the access token using the "client_credentials" grant type (thus sharing the clientId and clientSecret in the /token endpoint), while a few use the "authorization_code" grant type to generate the auth code (/authorize) and subsequently the access token (passing the auth code in the /token endpoint). How do I configure this?
```java
authorizationServerConfigurer
    .oidc(oidc -> oidc
        .providerConfigurationEndpoint(providerConfigurationEndpoint ->
            providerConfigurationEndpoint.providerConfigurationCustomizer(builder ->
                builder
                    .grantTypes(grantTypesList)
                    .tokenEndpointAuthenticationMethod("client_secret_post")
            ))
    )
    .authorizationEndpoint(authEndpoint ->
        authEndpoint
            .authorizationRequestConverter(new AuthorizationRequestConverter())
    )
    .tokenEndpoint(/* support authorization_code */)
    .tokenEndpoint(/* support client_credentials */)
;
```
I have tried to find documentation to support this, but couldn't find a clear solution.
You can simply provide multiple `RegisteredClient`s through a `RegisteredClientRepository`. This is well documented in the Getting Started example, which only configures a single client, but you can also configure multiple. See the demo sample which also provides an example of multiple clients. More details about `RegisteredClientRepository` are provided in core components in the docs.
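A sketch of the approach the answer describes, added here as an illustration and not taken from the answer or the Spring samples: two `RegisteredClient`s in one repository, each limited to the single grant type it needs. The client IDs, scopes, redirect URI and property names are constructed placeholders.

```java
import java.util.UUID;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;

@Configuration
public class ClientRegistrationConfig {

    @Bean
    public RegisteredClientRepository registeredClientRepository(
            // Hypothetical property names; supply the secrets from your secret store.
            @Value("${clients.batch.secret}") String batchSecret,
            @Value("${clients.web.secret}") String webSecret) {
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

        // Machine-to-machine client: may only use client_credentials.
        RegisteredClient batchClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("batch-service")
                .clientSecret(encoder.encode(batchSecret))
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .scope("reports.read")
                .build();

        // User-facing client: authorization_code only, exact redirect URI, PKCE required.
        RegisteredClient webClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("web-app")
                .clientSecret(encoder.encode(webSecret))
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .redirectUri("https://app.example.com/login/oauth2/code/web-app")
                .scope(OidcScopes.OPENID)
                .clientSettings(ClientSettings.builder().requireProofKey(true).build())
                .build();

        // One repository serves both clients; grant types are checked per client.
        return new InMemoryRegisteredClientRepository(batchClient, webClient);
    }
}
```

Because the allowed grant types live on each registration, a token request from `batch-service` using `authorization_code` (or from `web-app` using `client_credentials`) is rejected, so no separate token endpoint configuration per grant type is needed.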