stackoom
  简体   繁体   中英

Spring Security OAuth2 - Add parameter to Authorization URL

 原文  2015-06-19 14:13:34       spring/ spring-security/ oauth-2.0/ spring-security-oauth2

Question

I am using Spring Security with OAuth2 for authentication/authorization using following project. http://projects.spring.io/spring-security-oauth/

I have a requirement to add parameter to OAuth2 authorization url. I am not sure how should I add it to AuthorizationCodeResourceDetails bean?

The problem is I want to start the user journey by login or registration from client site. Client will send an OAuth request and on Authorization server I will show either registration form or login form for user to continue its journey.

The default flow has only following parameters /oauth/authorize?client_id=[]&redirect_uri=[]&response_type=token&scope=openid+profile&state=HZSMKb

I want to append "&startPoint=register"

public OAuth2ProtectedResourceDetails googleOAuth2Details() {
    AuthorizationCodeResourceDetails googleOAuth2Details = new AuthorizationCodeResourceDetails();
    googleOAuth2Details.setAuthenticationScheme(header);
    googleOAuth2Details.setClientAuthenticationScheme(header);
    googleOAuth2Details.setClientId(clientId);
    googleOAuth2Details.setClientSecret(clientSecret);
    googleOAuth2Details.setUserAuthorizationUri(authorizationUrl);
    googleOAuth2Details.setAccessTokenUri(accessTokenUrl);

    googleOAuth2Details.setScope(asList("openid","profile"));
    return googleOAuth2Details;
}

@SuppressWarnings("SpringJavaAutowiringInspection") // Provided by Spring Boot
@Resource
private OAuth2ClientContext oAuth2ClientContext;

@Bean
@Scope(value = "session", proxyMode = ScopedProxyMode.INTERFACES)
public OAuth2RestOperations authCodeRestTemplate() {
    return new OAuth2RestTemplate(googleOAuth2Details(), oAuth2ClientContext);
}

1 answers

solution1
 2 ACCPTED  2015-06-22 14:34:06

As "AuthorizationCodeResourceDetails" which is based on auth2 "authorization_code" flow doesn't accept extra parameters. Therefore, to fix this I did workaround by providing the parameter in the authorization url itself.

For eg. if the authorization url is http://localhost:8080/idp/oauth/authorize

than I have appended my extra parameter to that url like following http://localhost:8080/idp/oauth/authorize?startPoint=register

As this request will be saved into the session by Spring under SavedRequest variable which I can get later on to find out whether initiated request was for registration or login.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring security with oauth2 adding additional parameters to authorization URL? User authorization in spring security using OAuth2 OAuth2 authorization with Spring Security and Rabbitmq Spring security OAuth2 authorization process Spring Security OAuth2 correct Authorization Manager oauth2 authorization with 3.0.5 spring security Customize Spring OAUTH2 authorization request URL Implement oauth2 authorization server without using Spring Security OAuth Spring Security OAuth2 connect resource server to authorization server url with host and port Token URL fails with spring security oauth2
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM