Allow deep customize for nonstandard OAuth 2.0 provider.

I’ve reported spring-security related issue in the wrong place (in spring-boot project). The link of that issue I wanted to report: https://github.com/spring-projects/spring-boot/issues/17148

I have pointed out that with WeChat, not only does the authentication URL not follow the specification, but other aspects do not follow it either; however, I can customize them without javassist.

In my opinion, there is no need to support nonstandard OAuth 2.0 providers, but the code should be made more flexible so that developers can deeply customize them.

The spring security version I’m using is 5.1.5.RELEASE.

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:7 (4 by maintainers)

Top GitHub Comments

1 reaction
jgrandja commented, Jun 20, 2019

@zhangyanwei No worries. We do want to ensure that our APIs provide flexibility for customizations even when the provider doesn’t comply with the related specifications. So please do let us know if you run into a situation where there isn’t an option to customize and we’ll do our best to accommodate.

1 reaction
jgrandja commented, Jun 17, 2019

@zhangyanwei

I meant to build a URL (authorizationRequestUri field in OAuth2AuthorizationRequest class) with ordered query parameters.

The documentation shows how you can build the full URL for authorizationRequestUri:

The following example shows a variation of the customAuthorizationRequest() method from the preceding example, and instead overrides the OAuth2AuthorizationRequest.authorizationRequestUri property.

private OAuth2AuthorizationRequest customAuthorizationRequest(
        OAuth2AuthorizationRequest authorizationRequest) {

    String customAuthorizationRequestUri = UriComponentsBuilder
            .fromUriString(authorizationRequest.getAuthorizationRequestUri())
            .queryParam("prompt", "consent")
            .build(true)
            .toUriString();

    return OAuth2AuthorizationRequest.from(authorizationRequest)
            .authorizationRequestUri(customAuthorizationRequestUri)
            .build();
}

The code snippet above shows this. You have full control on building the custom URL customAuthorizationRequestUri and then setting it in OAuth2AuthorizationRequest.Builder.authorizationRequestUri.
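The ordered-parameter approach from the comment above, written out as an added example (not part of the original thread and not Spring Security's own code). It wraps the default resolver and rebuilds authorizationRequestUri with the query parameters in a fixed order. The class name and the chosen order are assumptions for illustration, and the javax.servlet import assumes Spring Security 5.x as used in the issue.

```java
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.web.util.UriComponentsBuilder;

// Hypothetical class: rebuilds the authorization request URI in an explicit parameter order.
public class OrderedParamsAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {

    private final OAuth2AuthorizationRequestResolver delegate;

    public OrderedParamsAuthorizationRequestResolver(ClientRegistrationRepository repo) {
        // "/oauth2/authorization" is Spring Security's default authorization request base URI.
        this.delegate = new DefaultOAuth2AuthorizationRequestResolver(repo, "/oauth2/authorization");
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        return customize(delegate.resolve(request));
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
        return customize(delegate.resolve(request, clientRegistrationId));
    }

    private OAuth2AuthorizationRequest customize(OAuth2AuthorizationRequest req) {
        if (req == null) {
            return null; // not an authorization request; the filter chain continues
        }
        // Reuse the state generated by the default resolver: it protects the redirect
        // against CSRF and is what the stored request is matched on at the callback.
        String uri = UriComponentsBuilder.fromUriString(req.getAuthorizationUri())
                .queryParam("client_id", req.getClientId())        // order below is an assumption
                .queryParam("redirect_uri", req.getRedirectUri())
                .queryParam("response_type", req.getResponseType().getValue())
                .queryParam("scope", String.join(" ", req.getScopes()))
                .queryParam("state", req.getState())
                .build().encode()                                  // percent-encode each value
                .toUriString();
        // from(...) copies the stored fields; only the redirect URI string is replaced.
        return OAuth2AuthorizationRequest.from(req)
                .authorizationRequestUri(uri)
                .build();
    }
}
```

The resolver is registered through `http.oauth2Login().authorizationEndpoint().authorizationRequestResolver(...)`.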
