Closed sadanyoyo closed 4 months ago
My mistake, I forgot config oauth2ResourceServer part. This work:
@Bean
@Order(1)
fun securityChain(http: HttpSecurity): SecurityFilterChain {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
http.getConfigurer(OAuth2AuthorizationServerConfigurer::class.java).apply {
this.clientAuthentication { }
oidc {
it.clientRegistrationEndpoint(Customizer.withDefaults())
}
}
http.oauth2ResourceServer {
it.jwt(Customizer.withDefaults())
}
return http.build()
}
I set up my security config with this:
and start my app.
OidcClientRegistrationEndpointFilter
will be registed at the end of the security filter chain, afterAuthorizationFilter
, which mean it need a authentication (provided by OAuth2ClientAuthenticationFilter, I guess).BUT!
OAuth2ClientAuthenticationFilter
does not handleOidcClientRegistrationEndpointFilter
request, because it only handle this four request:How can I do? I cannot modify
requestMathcer
inOAuth2ClientAuthenticationFilter
, and I cannot modifyOAuth2ClientAuthenticationConfigurer
.Please help.