Closed mucsi96 closed 1 year ago
Hi @mucsi96!
Would be great to have something similar to defaultSuccessUrl as in case of OAuth2 login for OAuth2 client flow as well instead of redirecting to previous request from request cache after successful authentication of oauth2 client.
I would like to respond with redirection to a URL which is not handled by Spring (not in request cache). I need to redirect to public root URL of SPA after successful authentication of oauth2 client.
I wonder how you are initiating the flow to authorize the client? If you launch the flow in your application today, where does it redirect to?
If you begin the flow to authorize the client from a specific URL, that URL should be what you return to. In a typical setup, this would be an application-specific URL where you can perform any action. For example:
    @RestController
    public class AuthorizationController {

        @GetMapping("/authorize")
        public void authorize(
                @RegisteredOAuth2AuthorizedClient("my-client-registration-id")
                OAuth2AuthorizedClient authorizedClient,
                HttpServletResponse response) throws IOException {
            response.sendRedirect("..."); // Redirect to SPA
        }
    }
This example utilizes the OAuth2AuthorizedClientManager. The docs also cover how you can supply your own OAuth2AuthorizationSuccessHandler if needed. The default provided by the framework simply saves the OAuth2AuthorizedClient. A custom implementation could presumably perform a redirect after saving the client. However, this doesn't seem necessary.
Currently it's not possible to customize the flow in OAuth2AuthorizationCodeGrantFilter after successful authentication of oauth2 client.
Perhaps I'm misunderstanding your request. Can you elaborate on why you feel this is impossible?
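The `/authorize` controller suggested above, extended as an added example (not code from this thread or from Spring Security) so that the redirect issued after client authorization can only land on an allow-listed SPA origin. The `return_to` parameter, the `safeTarget` helper and the `https://spa.example.com` origin are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class AuthorizationController {

    // Assumed values: the SPA's public root and the only origins a redirect may target.
    private static final URI SPA_ROOT = URI.create("https://spa.example.com/");
    private static final Set<String> ALLOWED_ORIGINS = Set.of("https://spa.example.com");

    @GetMapping("/authorize")
    public ResponseEntity<Void> authorize(
            @RegisteredOAuth2AuthorizedClient("my-client-registration-id")
            OAuth2AuthorizedClient authorizedClient,
            @RequestParam(name = "return_to", required = false) String returnTo) {
        // Resolving authorizedClient starts the authorization code flow when needed; the
        // request cache then replays this URL, query string included, so returnTo survives.
        return ResponseEntity.status(HttpStatus.FOUND).location(safeTarget(returnTo)).build();
    }

    // Falls back to the SPA root unless the candidate is an absolute URL on an allowed origin.
    static URI safeTarget(String candidate) {
        if (candidate == null || candidate.isBlank()) {
            return SPA_ROOT;
        }
        try {
            URI uri = new URI(candidate).normalize();
            if (uri.getScheme() == null || uri.getHost() == null || uri.getRawUserInfo() != null) {
                return SPA_ROOT; // relative, scheme-relative, opaque or user@host forms
            }
            String origin = uri.getScheme().toLowerCase(Locale.ROOT) + "://"
                    + uri.getHost().toLowerCase(Locale.ROOT) + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
            return ALLOWED_ORIGINS.contains(origin) ? uri : SPA_ROOT;
        } catch (URISyntaxException e) {
            return SPA_ROOT;
        }
    }
}
```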
The flow starts from a 401 error response from the REST endpoint.
    {
      "_links": {
        "oauth2Login": {
          "href": "http://localhost:8080/oauth2/authorization/withings-client"
        }
      }
    }
After this, the SPA, using the provided link, redirects to Spring's built-in endpoint /oauth2/authorization/{registrationId}, which redirects to the third-party authorization server, and it redirects back to Spring's built-in endpoint /authorize/oauth2/code/{registrationId}, which is responsible for getting the authorization token from the authorization server using the received code. This flow is driven by OAuth2AuthorizationCodeGrantFilter.
The issue is that I see no way to escape from this filter in an elegant way to avoid redirecting back to the previous request in the request cache. I want to redirect to a URL which is outside of the Spring context (SPA root URL).
Thx a lot for giving an example. I think it would work. But I see a few minor issues with it:
/oauth2/authorization/{registrationId} already in place
@RegisteredOAuth2AuthorizedClient("my-client-registration-id") OAuth2AuthorizedClient authorizedClient seems to be a bit weird as I don't need the authorizedClient here. So I would add it just to kick-in the flow. So I see this not too elegant
/authorize to make this flow work just because of "baked-in" logic of redirecting back to previous request in request cache.

@mucsi96 This looks like a duplicate of gh-11069 cc/ @sjohnr
Expected Behavior
Would be great to have something similar to defaultSuccessUrl as in case of OAuth2 login for OAuth2 client flow as well instead of redirecting to previous request from request cache after successful authentication of oauth2 client.

Current Behavior
Currently it's not possible to customize the flow in OAuth2AuthorizationCodeGrantFilter after successful authentication of oauth2 client.

Context
I have a REST-based microservice in a Kubernetes cluster consuming an OAuth2 provider with authorization code grant flow using Spring OAuth2 client. I would like to respond with redirection to a URL which is not handled by Spring (not in request cache). I need to redirect to public root URL of SPA after successful authentication of oauth2 client.
The only workaround I am aware of is
OAuth2AuthorizationCodeGrantFilter
which would catch the custom dummy error and do the custom redirection to URL outside Spring scope (SPA root page)