New to Spring Boot and I'm working on an application that already had some OAuth2 authentication done for signing in with Azure. I was tasked with setting up some auth for another API and now I have two registrations (client id/secret/grant-type) in my application-local.properties.
spring.security.oauth2.resource.jwk.key-set-uri=xxxxxxxx
spring.security.oauth2.client.registration.azure.client-secret=xxxx
spring.security.oauth2.client.registration.azure.client-id=xxxxx
spring.security.oauth2.client.registration.azure.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.azure.client-name=azure
spring.security.oauth2.client.registration.azure.provider=azure
spring.security.oauth2.client.registration.azure.scope=openid,profile,email,offline_access
spring.security.oauth2.client.provider.test.token-uri=xxxxx
spring.security.oauth2.client.registration.test.client-id=xxxxx
spring.security.oauth2.client.registration.test.client-secret=xxxxx
spring.security.oauth2.client.registration.test.authorization-grant-type=client_credentials
[image: example of login prompt]
This works. The problem now is that when visiting the application for the first time, you are prompted to choose which service you would like to log in with, either azure or test. I would like to be able to set a default for this and use azure for logging into the application so the user isn't prompted.
http.authorizeRequests()
        // Request-specific rules must come before anyRequest(): Spring Security rejects
        // antMatchers() declared after anyRequest() with an IllegalStateException.
        .antMatchers("/impersonate/**").hasAnyRole(roleAdmin)
        .antMatchers("/login", "/health").permitAll()
        .antMatchers("/logout").hasRole(prevRoleAdmin)
        .anyRequest().authenticated()
        .and()
    .csrf().disable()
    .logout()
        .logoutSuccessUrl("/admin")
        .and()
    .oauth2Login() // Is there a way to pass which registration it should use after this?
        .userInfoEndpoint()
        .oidcUserService(this.oidcUserService()); // oidcUserService() is defined elsewhere in the config class
Is there any way to set this to seek out and use the creds for azure?
By default, Spring Security shows the chooser page, but you can set the login page to a specific client:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class RedirectToAzureConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception { // oauth2Login() declares a checked exception
        http
            // ...
            .oauth2Login(oauth2 -> oauth2
                // Send unauthenticated users straight to the "azure" registration
                // instead of the generated chooser page.
                .loginPage("/oauth2/authorization/azure")
            );
    }
}
For every client listed in your application.properties, Spring Security will respond to /oauth2/authorization/{registrationId} requests and negotiate with the corresponding authorization server to get the user logged in.

If you need to programmatically decide what to redirect to, you can register an AuthenticationEntryPoint instead of setting the loginPage().
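As an added example of that last point (this is not the answerer's code or part of Spring Security; it is written for Spring Security 5.x with WebSecurityConfigurerAdapter and javax.servlet, matching the answer), here is an AuthenticationEntryPoint that picks the registration per request. The registration id "azure" comes from the question; the class names and the "idp" query parameter are hypothetical. Two details matter for safety: the requested id is only honoured if it exists in the ClientRegistrationRepository and uses authorization_code (a client_credentials registration such as "test" cannot start an interactive login, and the redirect path is never built from unchecked input), and non-browser callers get a 401 instead of being bounced to an identity provider's login page.

```java
import java.io.IOException;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;

@Configuration
public class SelectingEntryPointConfig extends WebSecurityConfigurerAdapter { // hypothetical class name

    private final ClientRegistrationRepository registrations; // auto-configured by Spring Boot from the properties

    public SelectingEntryPointConfig(ClientRegistrationRepository registrations) {
        this.registrations = registrations;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authz -> authz
                .antMatchers("/login", "/health").permitAll()
                .anyRequest().authenticated())
            .oauth2Login(Customizer.withDefaults())
            // An explicitly configured entry point replaces the default chooser page.
            .exceptionHandling(ex -> ex
                .authenticationEntryPoint(new RegistrationSelectingEntryPoint(registrations, "azure")));
    }

    /** Decides, per request, which registration should start the login. */
    static final class RegistrationSelectingEntryPoint implements AuthenticationEntryPoint {
        private final ClientRegistrationRepository registrations;
        private final String defaultRegistrationId;
        private final RedirectStrategy redirect = new DefaultRedirectStrategy();
        private final RequestMatcher browserRequest;

        RegistrationSelectingEntryPoint(ClientRegistrationRepository registrations, String defaultRegistrationId) {
            this.registrations = registrations;
            this.defaultRegistrationId = defaultRegistrationId;
            // Only requests that accept text/html are treated as browsers; "Accept: */*" is ignored
            // so generic API clients are not mistaken for one.
            MediaTypeRequestMatcher html =
                new MediaTypeRequestMatcher(new HeaderContentNegotiationStrategy(), MediaType.TEXT_HTML);
            html.setIgnoredMediaTypes(Set.of(MediaType.ALL));
            this.browserRequest = html;
        }

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                             AuthenticationException authException) throws IOException {
            if (!browserRequest.matches(request)) {
                // Programmatic callers get a plain 401 rather than a redirect to an IdP login page.
                response.setHeader("WWW-Authenticate", "Bearer");
                response.sendError(HttpStatus.UNAUTHORIZED.value(), "Authentication required");
                return;
            }
            // DefaultRedirectStrategy prefixes the servlet context path for a root-relative URL.
            redirect.sendRedirect(request, response, "/oauth2/authorization/" + chooseRegistration(request));
        }

        String chooseRegistration(HttpServletRequest request) {
            // Hypothetical selection rule: an optional "idp" query parameter names a registration.
            String requested = request.getParameter("idp");
            return loginCapable(requested) ? requested : defaultRegistrationId;
        }

        /** Only an existing registration that uses authorization_code can start an interactive login. */
        private boolean loginCapable(String registrationId) {
            if (registrationId == null) {
                return false;
            }
            ClientRegistration reg = registrations.findByRegistrationId(registrationId);
            return reg != null && AuthorizationGrantType.AUTHORIZATION_CODE.equals(reg.getAuthorizationGrantType());
        }
    }
}
```

With the two registrations from the question, /some/page?idp=test falls back to "azure" because the "test" registration is client_credentials and DefaultOAuth2AuthorizationRequestResolver would reject it; a request without the parameter also goes to "azure", and a request carrying Accept: application/json gets a 401 with WWW-Authenticate: Bearer.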