This repository is for active development of the Azure SDK for Java. For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/java/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-java.
MIT License
[QUERY] Azure Spring Boot starter - AADB2CAuthorizationRequestResolver clearing Spring Security Context #15427
Query/Question
This is related to the Azure AD B2C Spring Boot starter. It uses the AADB2CAuthorizationRequestResolver to construct the request to B2C, and as part of that, it clears the Spring Security context. See: Source
Whenever the logged-in user cancels a flow, for example a profile edit or some custom policy that's not login or logout, you would expect to keep the user logged in.
Spring's DefaultOAuth2AuthorizationRequestResolver doesn't do that.
Why is this not a Bug or a feature Request?
There might be a valid reason for this behaviour.
Setup (please complete the following information if applicable):
OS: Windows
IDE: IntelliJ
Version of the Library used: 2.3.3
Information Checklist
Kindly make sure that you have added all the following information above and check off the required fields, otherwise we will treat the issue as an incomplete report.