Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update ref doc for OAuth2AuthorizationRequestResolver

Browse Source 
Fixes gh-7405
This commit is contained in:
Joe Grandja 2019-09-20 19:00:16 -04:00
parent 324e066717
commit c5fd646afc
1 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
docs/manual/src/docs/asciidoc/_includes/servlet/preface/oauth2-client.adoc
View File

@ -407,6 +407,28 @@ A request with the base path `/oauth2/authorization/okta` will initiate the Auth
The `AuthorizationCodeOAuth2AuthorizedClientProvider` is an implementation of `OAuth2AuthorizedClientProvider` for the Authorization Code grant,
which also initiates the Authorization Request redirect by the `OAuth2AuthorizationRequestRedirectFilter`.
The `DefaultOAuth2AuthorizationRequestResolver` also supports `URI` template variables for the `redirect-uri` using `UriComponentsBuilder`.
The following configuration uses all the supported `URI` template variables:
[source,yaml]
----
spring:
security:
oauth2:
client:
registration:
okta:
...
redirect-uri: "{baseScheme}{baseHost}{basePort}{basePath}/authorized/{registrationId}"
...
----
[NOTE]
`{baseUrl}` resolves to `{baseScheme}{baseHost}{basePort}{basePath}`
Configuring the `redirect-uri` with `URI` template variables is especially useful when the OAuth 2.0 Client is running behind a <<appendix-proxy-server, Proxy Server>>.
This ensures that the `X-Forwarded-*` headers are used when expanding the `redirect-uri`.
===== Customizing the Authorization Request
@ -504,6 +526,20 @@ public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRe
[TIP]
`OAuth2AuthorizationRequest.Builder.build()` constructs the `OAuth2AuthorizationRequest.authorizationRequestUri`, which represents the complete Authorization Request URI including all query parameters using the `application/x-www-form-urlencoded` format.
For the simple use case, where the additional request parameter is always the same for a specific provider, it can be added directly in the `authorization-uri`.
For example, if the value for the request parameter `prompt` is always `consent` for the provider `okta`, than simply configure as follows:
[source,yaml]
----
spring:
security:
oauth2:
client:
provider:
okta:
authorization-uri: https://dev-1234.oktapreview.com/oauth2/v1/authorize?prompt=consent
----
The preceding example shows the common use case of adding a custom parameter on top of the standard parameters.
Alternatively, if your requirements are more advanced, than you can take full control in building the Authorization Request URI by simply overriding the `OAuth2AuthorizationRequest.authorizationRequestUri` property.