Open sealte opened 1 month ago
@sealte At the moment, OAuth2TokenEndpointFilter
and OAuth2AuthorizationEndpointFilter
expose a setAuthenticationDetailsSource()
.
OAuth2ClientAuthenticationFilter
is not considered a "Protocol Endpoint" so we would not expose a setAuthenticationDetailsSource()
.
You referred to OAuth2TokenRevocationEndpointFilter
...is this where you are requesting to expose setAuthenticationDetailsSource()
?
@jgrandja Yes. Perhaps OAuth2TokenRevocationEndpointFilter exposing setAuthenticationDetailsSource would be better
@sealte Sure, we can look at adding OAuth2TokenRevocationEndpointFilter.setAuthenticationDetailsSource()
. Would you be able to submit a PR for this?
Expected Behavior OAuth2ClientAuthenticationFilter should use customized authenticationDetailsSource.
Current Behavior Custom authenticationDetailsSource for OAuth2ClientAuthenticationFilter can't be set from OAuth2AuthorizationServerConfigurer.
Context Perhaps OAuth2TokenRevocationEndpointFilter needs to obtain the client's IP from HttpServletRequest. I found that the code for setting WebAuthenticationDetailsSource in the revoke process has only appeared in OAuth2ClientAuthenticationFilter, so there needs to be an entry to configure OAuth2ClientAuthenticationFilter.authenticationDetailsSource.
Existing and closed issues