
Allow authorization request resolver to be changed for the OAuth2 client configuration #12430


Closed
spoptchev opened this issue Dec 18, 2022 · 2 comments
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement

Comments

@spoptchev
Contributor

Describe the bug

The authorizationRequestResolver can't be changed in the OAuth2 client configuration. Because of this, we can't use the Twitter OAuth2 flow, which needs PKCE.

To Reproduce

To reproduce the issue you can use our example code. Just run the code in the spring-security-pkce-issue project. Please follow the README.md in the repository root directory for instructions.

Additionally, we have prepared a fix.

Expected behavior

The OAuth2 client configuration should be able to be changed so that the OAuth2AuthorizationRequestCustomizers.withPkce() customizer can be added to the authorization request resolver.

Please be aware that we explicitly do not need an OAuth2 login for our application. We just want to use the OAuth2 client configuration.

@spoptchev spoptchev added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Dec 18, 2022
@jgrandja
Contributor

@spoptchev You are correct, OAuth2ClientSpec.authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) is not available.

Would you be interested in submitting a PR for this enhancement? It should be similar to OAuth2LoginSpec.authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver).

@jgrandja jgrandja added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Dec 19, 2022
@spoptchev
Contributor Author

Hi @jgrandja, sure, I opened a PR (#12438).

@jgrandja jgrandja assigned spoptchev and unassigned jgrandja Dec 20, 2022
@jgrandja jgrandja added this to the 6.1.0-M1 milestone Dec 20, 2022
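The configuration this issue asks for, sketched as an added example (not code from the issue, the linked repository or the PR): a WebFlux security configuration that enables PKCE on the OAuth2 client's authorization request without using OAuth2 login. It assumes a Spring Security version in which the requested `OAuth2ClientSpec.authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver)` method is available (the issue is targeted at 6.1.0-M1); the class name `PkceClientConfig` and the bean name `pkceResolver` are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class PkceClientConfig { // hypothetical class name

    // Resolver that adds code_challenge / code_challenge_method to every
    // authorization request. Without the customizer, the default resolver
    // applies PKCE only to public clients (client authentication method "none");
    // withPkce() applies it to confidential clients as well.
    @Bean
    ServerOAuth2AuthorizationRequestResolver pkceResolver(
            ReactiveClientRegistrationRepository registrations) {
        DefaultServerOAuth2AuthorizationRequestResolver resolver =
                new DefaultServerOAuth2AuthorizationRequestResolver(registrations);
        resolver.setAuthorizationRequestCustomizer(
                OAuth2AuthorizationRequestCustomizers.withPkce());
        return resolver;
    }

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(
            ServerHttpSecurity http,
            ServerOAuth2AuthorizationRequestResolver pkceResolver) {
        http
            // OAuth2 client only, no oauth2Login(): the resolver is set on
            // OAuth2ClientSpec, the method this issue requests (assumed available).
            .oauth2Client(client -> client.authorizationRequestResolver(pkceResolver));
        // The application's own authentication and authorization rules are
        // configured on the same ServerHttpSecurity; they are omitted here
        // because they do not depend on the resolver.
        return http.build();
    }
}
```

The PKCE verifier generated for the request is stored with the saved authorization request, so the token exchange sends the matching `code_verifier` without further configuration.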