search

georchestra / georchestra-gateway

GNU General Public License v3.0
0 stars 6 forks source link

oauth2 client proxy configuration not used in every cases #8

Closed pmauduit closed 2 years ago

pmauduit commented 2 years ago

When trying to login onto a oauth2 provider, 2 different requests are made by the SP gateway:

  1. a first POST request onto the token-uri
  2. a second GET request onto the user-info-uri

Setting a breakpoint on ExchangeFunctions.java:117, we can see both ones getting out, but:

  1. the POST is performed having a non-null this.connector.httpClient.config.proxyProvider
  2. The GET one coming afterwards has the previously mentioned proxyProvider not set (null)
pmauduit commented 2 years ago

It seems from my understanding that the DefaultReactiveOauth2UserService class also requires a webclient configured to use a proxy: https://github.com/spring-projects/spring-security/blob/main/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java#L81

Request being prepared here: https://github.com/spring-projects/spring-security/blob/main/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java#L172-L177