-
Notifications
You must be signed in to change notification settings - Fork 5.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support custom form parameters for client_credentials Access Token Request #6569
Comments
@fritzdj This is actually possible. You would need to supply I'm going to close this issue as answered. |
@jgrandja, thanks for the quick response. How is it possible to do that though? We are not seeing a way to update that / the class that uses it is not autowired. |
Here is a sample config @Configuration
public class WebClientConfig {
@Bean
WebClient webClient(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository) {
// TODO Obtain your custom Converter
Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>> customRequestEntityConverter = null;
DefaultClientCredentialsTokenResponseClient clientCredentialsTokenResponseClient =
new DefaultClientCredentialsTokenResponseClient();
clientCredentialsTokenResponseClient.setRequestEntityConverter(customRequestEntityConverter);
ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 =
new ServletOAuth2AuthorizedClientExchangeFilterFunction(
clientRegistrationRepository, authorizedClientRepository);
oauth2.setClientCredentialsTokenResponseClient(clientCredentialsTokenResponseClient);
return WebClient.builder()
.apply(oauth2.oauth2Configuration())
.build();
}
} |
Thanks again @jgrandja, this is great. What about if we are not using WebFlux? |
To be more specific, we want to use the @RegisteredOAuth2AuthorizedClient annotation. |
@fritzdj In that case, you can use this @Configuration
public class WebConfig implements WebMvcConfigurer {
private final ClientRegistrationRepository clientRegistrationRepository;
private final OAuth2AuthorizedClientRepository authorizedClientRepository;
public WebConfig(ClientRegistrationRepository clientRegistrationRepository,
OAuth2AuthorizedClientRepository authorizedClientRepository) {
this.clientRegistrationRepository = clientRegistrationRepository;
this.authorizedClientRepository = authorizedClientRepository;
}
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
DefaultClientCredentialsTokenResponseClient clientCredentialsTokenResponseClient =
new DefaultClientCredentialsTokenResponseClient();
clientCredentialsTokenResponseClient.setRequestEntityConverter(
new CustomClientCredentialsGrantRequestEntityConverter());
OAuth2AuthorizedClientArgumentResolver authorizedClientArgumentResolver =
new OAuth2AuthorizedClientArgumentResolver(this.clientRegistrationRepository, this.authorizedClientRepository);
authorizedClientArgumentResolver.setClientCredentialsTokenResponseClient(clientCredentialsTokenResponseClient);
argumentResolvers.add(authorizedClientArgumentResolver);
}
private static class CustomClientCredentialsGrantRequestEntityConverter implements Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>> {
private final Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>> defaultRequestEntityConverter =
new OAuth2ClientCredentialsGrantRequestEntityConverter();
@Override
public RequestEntity<?> convert(OAuth2ClientCredentialsGrantRequest source) {
return this.defaultRequestEntityConverter.convert(source);
}
}
} |
@jgrandja, I would love to give that a shot. I see the contributor guidelines for the project so I will try this out. |
Hi @jgrandja , I want some like the one below. Do you have any suggest? `
|
@wangyue82lf See the following references on how to customize |
@jgrandja `
` |
Summary
There is no way currently to pass custom form parameters as part of OAuth2ClientCredentialsGrantRequestEntityConverter:
https://github.com/spring-projects/spring-security/blob/master/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverter.java
Some IDPs (Auth0 for example) require an "audience" value.
The text was updated successfully, but these errors were encountered: