ch4mpy / spring-addons

Ease spring OAuth2 resource-servers configuration and testing
Apache License 2.0

Configuration properties to add parameters to token requests #184

Closed ch4mpy closed 6 months ago

ch4mpy commented 6 months ago

Is your feature request related to a problem? Please describe.

Some OpenID Providers expect some extra parameters on the token request. This is the case, for instance, with Auth0, which expects an audience parameter on client-credentials flow requests to the token endpoint.

Describe the solution you'd like

Configuration properties just like the ones spring-addons-starter-oidc already offers for authorization requests.

Something like the token-request-params in the following sample conf:

issuer: https://dev-ch4mpy.eu.auth0.com/
client-id: change-me
client-secret: change-me
audience: demo.c4-soft.com

spring:
  security:
    oauth2:
      client:
        provider:
          auth0:
            issuer-uri: ${issuer}
        registration:
          auth0-users:
            provider: auth0
            authorization-grant-type: authorization_code
            client-id: ${client-id}
            client-secret: ${client-secret}
            scope: openid, profile, mail, offline_access
          auth0-backend:
            provider: auth0
            authorization-grant-type: client_credentials
            client-id: ${client-id}
            client-secret: ${client-secret}
            scope: openid, profile, mail, offline_access

com:
  c4-soft:
    springaddons:
      oidc:
        ops:
        - iss: ${issuer}
          aud: ${audience}
          username-claim: $['https://c4-soft.com/user']['name']
          authorities:
          - path: $['https://c4-soft.com/user']['roles']
          - path: $.permissions
        resourceserver:
          permit-all: 
          - /actuator/health/readiness
          - /actuator/health/liveness
          - /v3/api-docs/**
          - /api/public
          - /swagger-ui.html
          - /swagger-ui/**
        client:
          security-matchers:
          - /login/**
          - /oauth2/**
          - /logout
          - /
          - /ui/**
          permit-all:
          - /login/**
          - /oauth2/**
          - /
          - /ui/**
          client-uri: ${client-uri}
          post-login-redirect-path: /ui/home
          post-logout-redirect-path: /ui/greet
          oauth2-logout:
            auth0-confidential-user:
              uri: ${auth0-issuer}v2/logout
              client-id-request-param: client_id
              post-logout-uri-request-param: returnTo
          authorization-request-params:
            auth0-users:
            - name: audience
              value: ${audience}
          token-request-params:
            auth0-backend:
            - name: audience
              value: ${audience}
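
For comparison, the same `audience` parameter wired by hand with plain Spring Security, which is what a `token-request-params` property would replace. This is an added example, not code from the issue or from spring-addons; it assumes a servlet application on Spring Security 6, the `auth0-backend` registration and `${audience}` property from the sample conf above, and a hypothetical class name.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

// Hypothetical class name; not part of spring-addons.
@Configuration
public class Auth0BackendTokenRequestConfig {

    @Bean
    OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository registrations,
            OAuth2AuthorizedClientRepository authorizedClients,
            @Value("${audience}") String audience) {

        var requestConverter = new OAuth2ClientCredentialsGrantRequestEntityConverter();
        // Appended to the standard form parameters (grant_type, scope, ...).
        requestConverter.addParametersConverter(grantRequest -> {
            MultiValueMap<String, String> extra = new LinkedMultiValueMap<>();
            // Only the auth0-backend registration gets the parameter, so it is
            // not sent to the token endpoint of any other provider.
            if ("auth0-backend".equals(grantRequest.getClientRegistration().getRegistrationId())) {
                extra.add("audience", audience);
            }
            return extra;
        });

        var tokenClient = new DefaultClientCredentialsTokenResponseClient();
        tokenClient.setRequestEntityConverter(requestConverter);

        // Keep the user-facing flows and plug the customized client-credentials client in.
        var provider = OAuth2AuthorizedClientProviderBuilder.builder()
                .authorizationCode()
                .refreshToken()
                .clientCredentials(cc -> cc.accessTokenResponseClient(tokenClient))
                .build();

        var manager = new DefaultOAuth2AuthorizedClientManager(registrations, authorizedClients);
        manager.setAuthorizedClientProvider(provider);
        return manager;
    }
}
```
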
ch4mpy commented 6 months ago

Released with 7.4.1