We should consider adding support for configuring OAuth2AuthorizationRequestResolver by publishing a bean. This would simplify this customization and allow for the following configuration:
@Bean
public OAuth2AuthorizationRequestResolver authorizationRequestResolver(
ClientRegistrationRepository clientRegistrationRepository) {
var authorizationRequestResolver =
new DefaultOAuth2AuthorizationRequestResolver(
clientRegistrationRepository,
OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
authorizationRequestResolver.setAuthorizationRequestCustomizer(
OAuth2AuthorizationRequestCustomizers.withPkce());
return authorizationRequestResolver;
}
We should consider adding support for configuring
OAuth2AuthorizationRequestResolver
by publishing a bean. This would simplify this customization and allow for the following configuration:The same would apply with the reactive stack and
ServerOAuth2AuthorizationRequestResolver
. See this comment for additional context. cc @randomstuff