I am using spring-security-oauth2-client. The redirect-uri in application.properties looks like this:
spring.security.oauth2.client.registration.<client>.redirect-uri=https://custom-server.com/auth
I need to dynamically add some information to the url, for example via a path parameter, just like this:
https://custom-server.com/auth?id=123
or https://custom-server.com/auth?id=321
SecurityConfig is given below:
    @Configuration
    @EnableWebSecurity
    public class SecurityConfig {

        @Bean
        public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
            http.csrf()
                .disable()
                .authorizeRequests()
                .antMatchers("/login/auth").authenticated()
                .anyRequest().permitAll()
                .and()
                .oauth2Login();
            return http.build();
        }
    }
Is it possible to add params (request or path) to the redirect-url depending on conditions?
So, as @wjans mentioned, passing a param to the redirect-url is possible by implementing OAuth2AuthorizationRequestResolver:
    import java.util.UUID;
    import javax.servlet.http.HttpServletRequest; // jakarta.servlet on Spring Security 6+
    import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
    import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
    import org.springframework.web.util.UriComponentsBuilder;

    public class CustomOAuth2AuthorizationRequestResolver implements
            OAuth2AuthorizationRequestResolver {

        private static final String CUSTOM_PARAM = "id";

        // Delegate that builds the standard authorization request
        private final OAuth2AuthorizationRequestResolver oAuth2AuthorizationRequestResolver;

        public CustomOAuth2AuthorizationRequestResolver(OAuth2AuthorizationRequestResolver oAuth2AuthorizationRequestResolver) {
            this.oAuth2AuthorizationRequestResolver = oAuth2AuthorizationRequestResolver;
        }

        @Override
        public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
            OAuth2AuthorizationRequest authorizationRequest =
                    this.oAuth2AuthorizationRequestResolver.resolve(request);
            return processAdditionalParameters(authorizationRequest);
        }

        @Override
        public OAuth2AuthorizationRequest resolve(HttpServletRequest request,
                                                  String clientRegistrationId) {
            OAuth2AuthorizationRequest authorizationRequest =
                    this.oAuth2AuthorizationRequestResolver.resolve(request, clientRegistrationId);
            return processAdditionalParameters(authorizationRequest);
        }

        // Rebuilds the request with the custom query parameter appended to the redirect URI
        private OAuth2AuthorizationRequest processAdditionalParameters(OAuth2AuthorizationRequest authorizationRequest) {
            if (authorizationRequest == null) {
                // The delegate returns null when the request is not an authorization request
                return null;
            }
            String redirectUri = UriComponentsBuilder
                    .fromUriString(authorizationRequest.getRedirectUri())
                    .queryParam(CUSTOM_PARAM, UUID.randomUUID())
                    .build(true).toUriString();
            return OAuth2AuthorizationRequest.from(authorizationRequest)
                    .redirectUri(redirectUri)
                    .build();
        }
    }
and register that resolver as:
    @Bean
    public OAuth2AuthorizationRequestResolver authorizationRequestResolver() {
        OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver =
                new DefaultOAuth2AuthorizationRequestResolver(
                        clientRegistrationRepository(),
                        OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI
                );
        return new CustomOAuth2AuthorizationRequestResolver(defaultAuthorizationRequestResolver);
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            ...
            .oauth2Login()
            .authorizationEndpoint()
            .authorizationRequestResolver(
                authorizationRequestResolver());
        return http.build();
    }
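
The resolver above appends a random UUID; when the value instead comes from the incoming login request (the "depending on conditions" case in the question), it is user-controlled and should be validated before it reaches the redirect URI. The following is an added example, not code from the post: the class name, the numeric `id` format and reading `id` from the login request are assumptions.

```java
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest; // jakarta.servlet on Spring Security 6+
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.web.util.UriComponentsBuilder;

// Hypothetical class: wraps the default resolver in the same way as the answer's class.
public class RequestScopedIdAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
    private static final String CUSTOM_PARAM = "id";
    // Assumption: ids are 1 to 10 ASCII digits, like ?id=123 in the question.
    private static final Pattern ALLOWED_ID = Pattern.compile("[0-9]{1,10}");
    private final OAuth2AuthorizationRequestResolver delegate;

    public RequestScopedIdAuthorizationRequestResolver(OAuth2AuthorizationRequestResolver delegate) {
        this.delegate = delegate;
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        return withId(this.delegate.resolve(request), request);
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
        return withId(this.delegate.resolve(request, clientRegistrationId), request);
    }

    private OAuth2AuthorizationRequest withId(OAuth2AuthorizationRequest authorizationRequest,
                                              HttpServletRequest request) {
        if (authorizationRequest == null) {
            return null; // not an authorization request; the filter chain continues
        }
        String id = request.getParameter(CUSTOM_PARAM);
        // Forward the value only when it fully matches the allow-list pattern;
        // otherwise keep the redirect URI exactly as configured.
        if (id == null || !ALLOWED_ID.matcher(id).matches()) {
            return authorizationRequest;
        }
        String redirectUri = UriComponentsBuilder
                .fromUriString(authorizationRequest.getRedirectUri())
                .replaceQueryParam(CUSTOM_PARAM, id) // replace, never duplicate, the parameter
                .build(true)
                .toUriString();
        return OAuth2AuthorizationRequest.from(authorizationRequest)
                .redirectUri(redirectUri)
                .build();
    }
}
```

It is registered in the `authorizationRequestResolver()` bean in place of `CustomOAuth2AuthorizationRequestResolver`. Authorization servers commonly compare `redirect_uri` by exact string match against the registered value, so the provider has to be configured to accept the added query parameter.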