mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-02-23 23:31:27 +00:00
95e0e7243d
When we used the oauth2Client directive and requested an endpoint that
required client authorization on the authorization server, the
SPRING_SECURITY_SAVED_REQUEST was not persisted, and therefore after
creating the authorized client we were redirected to the root page ("/").
Now we are storing the session attribute and getting redirected back to
the original URI as expected.
Note that the attribute is stored only when a
ClientAuthorizationRequiredException is thrown in the chain, we dont
want to store it as a response to the
/oauth2/authorization/{registrationId} endpoint, since we would end
up in an infinite loop
Fixes gh-6341