
Add context path to authorization request URI

Fixes gh-4510
Joe Grandja 8 anos atrás
pai
commit
4951550d7d

+ 1 - 0
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeRequestRedirectFilter.java

@@ -151,6 +151,7 @@ public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter
 		uriVariables.put("scheme", request.getScheme());
 		uriVariables.put("serverName", request.getServerName());
 		uriVariables.put("serverPort", String.valueOf(request.getServerPort()));
+		uriVariables.put("contextPath", request.getContextPath());
 		uriVariables.put("clientAlias", clientRegistration.getClientAlias());
 
 		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri())
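Review bot: The new `contextPath` entry has no comment stating its format, and templates depend on it: `getContextPath()` returns an empty string for the root context and otherwise a path beginning with "/". I would add above the new line `// "" for the root context, otherwise starts with "/" - templates must place {contextPath} directly after the port, with no extra slash`. The same block takes `scheme`, `serverName` and `serverPort` from the current request, so behind a reverse proxy, or where the Host header is not validated upstream, the expanded redirect_uri may not match the one registered with the provider. A short note that forwarded-header handling is expected to be configured in front of this filter would help operators. The method starts and ends outside the hunk, so how the expanded URI is used afterwards is not visible here.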

+ 4 - 4
samples/boot/oauth2login/src/main/resources/META-INF/oauth2-clients-defaults.yml

@@ -4,7 +4,7 @@ security:
       google:
         client-authentication-method: basic
         authorized-grant-type: authorization_code
-        redirect-uri: "{scheme}://{serverName}:{serverPort}/oauth2/authorize/code/{clientAlias}"
+        redirect-uri: "{scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{clientAlias}"
         scopes: openid, profile, email, address, phone
         authorization-uri: "https://accounts.google.com/o/oauth2/auth"
         token-uri: "https://accounts.google.com/o/oauth2/token"
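Review bot: The changed `redirect-uri` template has no comment saying that the URI registered at the provider must now include the context path; providers typically compare redirect_uri exactly, so a sample deployed under a non-root context would be rejected until the registration is updated. A comment above the first entry would cover it, for example `# {contextPath} expands to "" at the root context or "/app" otherwise; register the resulting URI exactly at the provider`. The same applies to the github, facebook and okta entries in the following hunks.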
@@ -15,7 +15,7 @@ security:
       github:
         client-authentication-method: basic
         authorized-grant-type: authorization_code
-        redirect-uri: "{scheme}://{serverName}:{serverPort}/oauth2/authorize/code/{clientAlias}"
+        redirect-uri: "{scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{clientAlias}"
         scopes: user
         authorization-uri: "https://github.com/login/oauth/authorize"
         token-uri: "https://github.com/login/oauth/access_token"
@@ -26,7 +26,7 @@ security:
       facebook:
         client-authentication-method: post
         authorized-grant-type: authorization_code
-        redirect-uri: "{scheme}://{serverName}:{serverPort}/oauth2/authorize/code/{clientAlias}"
+        redirect-uri: "{scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{clientAlias}"
         scopes: public_profile, email
         authorization-uri: "https://www.facebook.com/v2.8/dialog/oauth"
         token-uri: "https://graph.facebook.com/v2.8/oauth/access_token"
@@ -37,7 +37,7 @@ security:
       okta:
         client-authentication-method: basic
         authorized-grant-type: authorization_code
-        redirect-uri: "{scheme}://{serverName}:{serverPort}/oauth2/authorize/code/{clientAlias}"
+        redirect-uri: "{scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{clientAlias}"
         scopes: openid, profile, email, address, phone
         client-name: Okta
         client-alias: okta

+ 1 - 1
web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java

@@ -268,7 +268,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
 			sb.append("<table>\n");
 			for (Map.Entry<String, String> clientAuthenticationUrlToClientName : oauth2AuthenticationUrlToClientName.entrySet()) {
 				sb.append(" <tr><td>");
-				sb.append("<a href=\"").append(clientAuthenticationUrlToClientName.getKey()).append("\">");
+				sb.append("<a href=\"").append(request.getContextPath()).append(clientAuthenticationUrlToClientName.getKey()).append("\">");
 				sb.append(clientAuthenticationUrlToClientName.getValue());
 				sb.append("</a>");
 				sb.append("</td></tr>\n");
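Review bot: The changed line writes `request.getContextPath()` and the map key into the `href` attribute without HTML-escaping, and the next line writes the client name into the anchor body the same way. These values appear to come from deployment and client-registration configuration rather than from the request, but a quote or angle bracket in either would still break out of the attribute or element. Escaping at the point of output is cheap, e.g. `sb.append("<a href=\"").append(HtmlUtils.htmlEscape(request.getContextPath() + clientAuthenticationUrlToClientName.getKey())).append("\">");` and `sb.append(HtmlUtils.htmlEscape(clientAuthenticationUrlToClientName.getValue()));`, using `org.springframework.web.util.HtmlUtils`. The enclosing method starts and ends outside the hunk, so any escaping done elsewhere is not visible here.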