spring-boot spring-security single-sign-on spring-security-oauth2 spring-oauth2

Spring Boot, Security, OAuth2: Is it possible to use a custom AuthorizationCodeResourceDetails? Auth server requires specific params in redirect URL


I'm developing an OAuth2 client with Spring Boot. A third-party auth server requires specific params in redirect URLs.

My app.yml

acme:
  client:
    clientId: acme
    clientSecret: acmepassword
    accessTokenUri: http://localhost:8080/sso/oauth/token
    userAuthorizationUri: http://localhost:8080/sso/oauth/authorize
    specificParam1: specific1
    specificParam2: specific2

  resource:
    userInfoUri: http://localhost:8080/sso/api/me

I've created my CustomClientResourceDetails by extending from AuthorizationCodeResourceDetails.

public class CustomClientResourceDetails extends AuthorizationCodeResourceDetails {
    private String specificParam1;
    private String specificParam2;
    ...    
}

And I @Autowire it in my SecurityConfig. I've also created a custom filter:

@Configuration
@EnableOAuth2Client
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ...
        .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    }

    // Register the OAuth2 client context filter ahead of the main Spring Security filter chain
    @Bean
    public FilterRegistrationBean<OAuth2ClientContextFilter> oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
        FilterRegistrationBean<OAuth2ClientContextFilter> registration = new FilterRegistrationBean<OAuth2ClientContextFilter>();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }

    private Filter ssoFilter() {
        OAuth2ClientAuthenticationProcessingFilter customFilter = new OAuth2ClientAuthenticationProcessingFilter(LOGIN);
        OAuth2RestTemplate customTemplate = new OAuth2RestTemplate(custom(), oauth2ClientContext);
        customFilter.setRestTemplate(customTemplate);
        UserInfoTokenServices tokenServices = new UserInfoTokenServices(customResource().getUserInfoUri(),
                custom().getClientId());
        tokenServices.setRestTemplate(customTemplate);
        // Use the instance configured above; constructing a second UserInfoTokenServices
        // here would discard the rest template that was just set
        customFilter.setTokenServices(tokenServices);
        return customFilter;
    }

    // Client settings bound from the acme.client properties
    @Bean
    @ConfigurationProperties("acme.client")
    @Primary
    public AuthorizationCodeResourceDetails custom() {
        return new CustomClientResourceDetails();
    }

    // Resource settings bound from the acme.resource properties
    @Bean
    @ConfigurationProperties("acme.resource")
    public ResourceServerProperties customResource() {
        return new ResourceServerProperties();
    }
}

But the specific params are not included in the redirect URL, because OAuth2ClientAuthenticationProcessingFilter and the classes associated with it work via OAuth2RestOperations or OAuth2ProtectedResourceDetails, where there are only the default params.

Is it possible to include additional params in redirect URLs? And how?

Thanks for any help!


Solution

  • I am assuming that you need to send some dynamic parameter while being redirected to the authorization page of the IDP. In this case, you can extend AuthorizationCodeAccessTokenProvider and override the method getRedirectForAuthorization. You can add your custom parameter like this:

    // add all your custom parameter to 'requestParameters'
    requestParameters.put("myCustomParameter","myCustomParameterValue");
    
    UserRedirectRequiredException redirectException = new UserRedirectRequiredException(
                        resource.getUserAuthorizationUri(), requestParameters);
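
The same goal reached through the provider's public `obtainAccessToken` method, as an added example that is not part of the original answer or of Spring's own code: it adds the question's two parameters to the authorization redirect and refuses to overwrite standard ones such as `state`. The class name, the getters on `CustomClientResourceDetails`, the on-the-wire parameter names, and the mutability of the map returned by `getRequestParams()` are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

// Hypothetical class name; CustomClientResourceDetails is the class from the question.
public class CustomParamsAccessTokenProvider extends AuthorizationCodeAccessTokenProvider {

    // Standard authorization-request parameters that extra params must never replace.
    // "state" in particular carries the client's CSRF protection for the callback.
    private static final Set<String> RESERVED = new HashSet<>(Arrays.asList(
            "response_type", "client_id", "redirect_uri", "scope", "state"));

    @Override
    public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details,
                                               AccessTokenRequest request) {
        try {
            return super.obtainAccessToken(details, request);
        } catch (UserRedirectRequiredException e) {
            if (details instanceof CustomClientResourceDetails) {
                CustomClientResourceDetails custom = (CustomClientResourceDetails) details;
                // Getter names are assumed; the question elides the class body.
                // Parameter names are placeholders for whatever the auth server expects.
                addParam(e.getRequestParams(), "specificParam1", custom.getSpecificParam1());
                addParam(e.getRequestParams(), "specificParam2", custom.getSpecificParam2());
            }
            throw e; // OAuth2ClientContextFilter handles this and redirects the browser
        }
    }

    // Adds one extra parameter, failing loudly rather than silently replacing a value
    // the provider already put into the authorization request.
    private static void addParam(Map<String, String> params, String name, String value) {
        if (value == null) {
            return;
        }
        if (RESERVED.contains(name) || params.containsKey(name)) {
            throw new IllegalArgumentException("Refusing to override parameter: " + name);
        }
        params.put(name, value);
    }
}
```

To use it with the question's `ssoFilter()`, call `customTemplate.setAccessTokenProvider(new CustomParamsAccessTokenProvider());` before handing the template to the filter.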