Allow authorization request resolver to be changed for the OAuth2 client configuration #12430
Labels:
in: oauth2 (an issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: enhancement (a general enhancement)
Describe the bug
The authorizationRequestResolver can't be changed in the OAuth2 client configuration. Because of this, we can't use the Twitter OAuth2 flow, which needs PKCE.

To Reproduce
To reproduce the issue, you can use our example code. Just run the code in the spring-security-pkce-issue project. Please follow the README.md in the repository root directory for instructions.

Additionally, we have prepared a fix.

Expected behavior
The OAuth2 client configuration should be able to be changed so that the OAuth2AuthorizationRequestCustomizers.withPkce() customizer can be added to the authorization request resolver.

Please be aware that we explicitly do not need an OAuth2 login for our application. We just want to use the OAuth2 client configuration.
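
For context on why the missing customizer blocks the flow, here is an added example (not code from the issue, its linked repository, or Spring Security) of the PKCE exchange from RFC 7636 with the S256 method, using only the JDK. The class and method names are hypothetical; the fixed verifier/challenge pair is the RFC's Appendix B test vector.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class PkceSketch {  // hypothetical name, for illustration only
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // Client side: 32 random bytes give a 43-character base64url code_verifier.
    static String newCodeVerifier() {
        byte[] bytes = new byte[32];
        new SecureRandom().nextBytes(bytes);
        return B64URL.encodeToString(bytes);
    }

    // S256 transform: BASE64URL(SHA-256(ASCII(code_verifier))).
    static String codeChallenge(String verifier) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(digest);
    }

    // Server side: recompute the challenge from the presented verifier, constant-time compare.
    static boolean verify(String storedChallenge, String presentedVerifier) throws Exception {
        return MessageDigest.isEqual(
                storedChallenge.getBytes(StandardCharsets.US_ASCII),
                codeChallenge(presentedVerifier).getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // RFC 7636 Appendix B test vector: checks the S256 transform itself.
        String rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        if (!codeChallenge(rfcVerifier).equals(rfcChallenge)) throw new AssertionError("S256 mismatch");

        String verifier = newCodeVerifier();          // stays with the client until the token request
        String challenge = codeChallenge(verifier);   // sent with the authorization request
        System.out.println("code_challenge=" + challenge + "&code_challenge_method=S256");
        System.out.println("token request with matching verifier accepted: " + verify(challenge, verifier));
        System.out.println("token request with another verifier accepted:  " + verify(challenge, newCodeVerifier()));
    }
}
```

A provider that requires PKCE expects `code_challenge` and `code_challenge_method` on the authorization request, so a client whose authorization request cannot be customized has no way to supply them.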