Provide client adaptors for common OAuth 2.0 Providers


There are OAuth 2.0 Providers that are not spec-compliant, making it difficult for users to integrate with them using oauth2Login().

For example, LinkedIn does not return the token_type parameter in the Token Response even though it is required as per spec. However, Spring Security 5.1 allows you to customize the Token Response to work around this issue.

This is just one example, but there are other OAuth 2.0 providers that are either non-compliant or require custom/additional parameters and/or headers to make oauth2Login() work.

We should consider adding out-of-the-box adaptors (connectors) for common OAuth 2.0 providers that are non-compliant. These adaptors would come with pre-configured properties (similar to CommonOAuth2Provider) as well as with configured components required by oauth2Login(), for example, OAuth2AccessTokenResponseClient, OAuth2UserService, etc.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 8 (3 by maintainers)
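
The Token Response customization the issue mentions for a provider that omits token_type can look like the following. This is an added example, not code from the issue or from Spring Security; the class name MissingTokenTypeAdaptor is hypothetical, and it assumes the Spring Security 5.1 API in which setTokenResponseConverter takes a Converter over Map<String, String>.

```java
import java.util.Arrays;
import java.util.Map;
import org.springframework.http.converter.FormHttpMessageConverter;
import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
import org.springframework.web.client.RestTemplate;

// Hypothetical adaptor (the name is an assumption, not a Spring Security class).
public class MissingTokenTypeAdaptor {

    // Maps raw token response parameters, tolerating only an absent token_type.
    static OAuth2AccessTokenResponse convert(Map<String, String> params) {
        String accessToken = params.get(OAuth2ParameterNames.ACCESS_TOKEN);
        if (accessToken == null || accessToken.isEmpty()) {
            throw new IllegalArgumentException("token response has no access_token");
        }
        String tokenType = params.get(OAuth2ParameterNames.TOKEN_TYPE);
        // Default to Bearer only when the field is missing; reject any other stated type.
        if (tokenType != null && !"bearer".equalsIgnoreCase(tokenType)) {
            throw new IllegalArgumentException("unsupported token_type: " + tokenType);
        }
        String rawExpiry = params.get(OAuth2ParameterNames.EXPIRES_IN);
        long expiresIn = rawExpiry == null ? 0 : Long.parseLong(rawExpiry);
        // scope and refresh_token are not mapped by this converter.
        return OAuth2AccessTokenResponse.withToken(accessToken)
                .tokenType(OAuth2AccessToken.TokenType.BEARER)
                .expiresIn(expiresIn)
                .build();
    }

    // Builds an authorization code token client that uses the converter above.
    static OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient() {
        OAuth2AccessTokenResponseHttpMessageConverter converter =
                new OAuth2AccessTokenResponseHttpMessageConverter();
        converter.setTokenResponseConverter(MissingTokenTypeAdaptor::convert);
        RestTemplate rest = new RestTemplate(Arrays.asList(new FormHttpMessageConverter(), converter));
        rest.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
        DefaultAuthorizationCodeTokenResponseClient client = new DefaultAuthorizationCodeTokenResponseClient();
        client.setRestOperations(rest);
        return client;
    }
}
```

The client is registered through oauth2Login().tokenEndpoint().accessTokenResponseClient(...), and it should be applied only to the client registration of the provider that needs it, so compliant providers keep strict parsing.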

Top GitHub Comments

1 reaction
gregsimons commented, Oct 4, 2019

@jgranda I’ll have a try configuring AWS Cognito now that the userinfo endpoint has been added to their support. I initially had difficulty because I had to map values directly out of the ID token into the OIDC user profile and prevent the user info call. I’ll check this is compliant now that the endpoint has been added.

1 reaction
asaikali commented, May 29, 2019

It would be great if the client adapters can be generalized in such a way that it is possible to package them in a .jar and have them be found automatically by Spring Security. I am thinking of a user experience similar to Spring Boot @ConfigurationProperties. Such an approach would make it possible to ship jars like:

  • linkedin-spring-security-login.jar
  • stackoverflow-spring-security-login.jar
  • my-corporate-spring-security-login.jar

While it would be nice to have something in Spring Security that out of the box includes all the config settings of all the major social networks, many users will have internally deployed corporate OAuth2 or OIDC providers, so a simple way to package my-corporate-spring-security-login.jar is going to reduce developer friction.
