I am using Spring Security with OAuth2 for authentication/authorization using the following project: http://projects.spring.io/spring-security-oauth/
I have a requirement to add a parameter to the OAuth2 authorization URL. I am not sure how I should add it to the AuthorizationCodeResourceDetails bean.
The problem is that I want to start the user journey by login or registration from the client site. The client will send an OAuth request, and on the authorization server I will show either the registration form or the login form for the user to continue their journey.
The default flow has only the following parameters: /oauth/authorize?client_id=[]&redirect_uri=[]&response_type=token&scope=openid+profile&state=HZSMKb
I want to append "&startPoint=register"

    // Assumes static imports of AuthenticationScheme.header and java.util.Arrays.asList.
    public OAuth2ProtectedResourceDetails googleOAuth2Details() {
        AuthorizationCodeResourceDetails googleOAuth2Details = new AuthorizationCodeResourceDetails();
        googleOAuth2Details.setAuthenticationScheme(header);
        googleOAuth2Details.setClientAuthenticationScheme(header);
        googleOAuth2Details.setClientId(clientId);
        googleOAuth2Details.setClientSecret(clientSecret);
        // Authorization endpoint the user is redirected to
        googleOAuth2Details.setUserAuthorizationUri(authorizationUrl);
        googleOAuth2Details.setAccessTokenUri(accessTokenUrl);
        googleOAuth2Details.setScope(asList("openid", "profile"));
        return googleOAuth2Details;
    }

    @SuppressWarnings("SpringJavaAutowiringInspection") // Provided by Spring Boot
    @Resource
    private OAuth2ClientContext oAuth2ClientContext;

    // Session-scoped so each user session gets its own OAuth2 client context
    @Bean
    @Scope(value = "session", proxyMode = ScopedProxyMode.INTERFACES)
    public OAuth2RestOperations authCodeRestTemplate() {
        return new OAuth2RestTemplate(googleOAuth2Details(), oAuth2ClientContext);
    }

"AuthorizationCodeResourceDetails", which is based on the OAuth2 "authorization_code" flow, doesn't accept extra parameters. Therefore, to fix this I used a workaround: providing the parameter in the authorization URL itself.
For example, if the authorization URL is http://localhost:8080/idp/oauth/authorize
then I have appended my extra parameter to that URL like the following: http://localhost:8080/idp/oauth/authorize?startPoint=register
This request will be saved into the session by Spring under the SavedRequest variable, which I can get later on to find out whether the initiated request was for registration or login.
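
One way to read the parameter back on the authorization server, as an added example that is not code from the original post: because `startPoint` arrives in a client-supplied URL, it is checked against an allow-list before it selects a form. The class name, the `/login` mapping, the `javax.servlet` API generation and the view names `login` and `register` are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class StartPointController { // hypothetical name

    // Only these values may select a view; anything else falls back to login.
    private static final Set<String> ALLOWED =
            new HashSet<>(Arrays.asList("login", "register"));
    private static final String DEFAULT_START = "login";

    // Reads the request Spring Security stored in the session before
    // redirecting the unauthenticated user away from /oauth/authorize.
    private final RequestCache requestCache = new HttpSessionRequestCache();

    // Assumption: "/login" is the login page configured on the authorization server.
    @GetMapping("/login")
    public String entryPoint(HttpServletRequest request, HttpServletResponse response) {
        return resolveStartPoint(requestCache.getRequest(request, response));
    }

    // Returns a view name taken from the allow-list, never the raw parameter.
    static String resolveStartPoint(SavedRequest saved) {
        if (saved == null) {
            return DEFAULT_START; // page opened directly, no saved authorize request
        }
        String[] values = saved.getParameterValues("startPoint");
        if (values == null || values.length != 1) {
            return DEFAULT_START; // parameter absent or repeated
        }
        return ALLOWED.contains(values[0]) ? values[0] : DEFAULT_START;
    }
}
```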