Package com.xebialabs.platform.sso.oidc.web

Class CustomAuthorizationRequestResolver

java.lang.Object
com.xebialabs.platform.sso.oidc.web.CustomAuthorizationRequestResolver
All Implemented Interfaces:
org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
public class CustomAuthorizationRequestResolver extends Object implements org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
A PKCE add-on for DefaultOAuth2AuthorizationRequestResolver that attempts to resolve an OAuth2AuthorizationRequest from the provided HttpServletRequest using the default request URI pattern /oauth2/authorization/{registrationId}. By default for confidential clients, Spring-Security does not provide support for PKCE. It is default for public clients. Once https://github.com/spring-projects/spring-security/pull/7804 is merged, PKCE with confidential clients will be the default behavior. And this custom request resolver can be removed. Learn more about this custom class https://developer.okta.com/blog/2020/01/23/pkce-oauth2-spring-boot#making-pkce-work-for-confidential-clients-in-spring-security
See Also:
  • DefaultOAuth2AuthorizationRequestResolver
  • OAuth2AuthorizationRequestResolver
  • OAuth2AuthorizationRequestRedirectFilter

  • Constructor Summary

    Constructors
    Constructor
    Description
    CustomAuthorizationRequestResolver(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository repo, String authorizationRequestBaseUri)
     
    CustomAuthorizationRequestResolver(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository repo, String authorizationRequestBaseUri, Map<String,Object> additionalParameters)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
    resolve(jakarta.servlet.http.HttpServletRequest servletRequest)
     
    org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
    resolve(jakarta.servlet.http.HttpServletRequest servletRequest, String clientRegistrationId)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • CustomAuthorizationRequestResolver

      public CustomAuthorizationRequestResolver(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository repo, String authorizationRequestBaseUri, Map<String,Object> additionalParameters)

    • CustomAuthorizationRequestResolver

      public CustomAuthorizationRequestResolver(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository repo, String authorizationRequestBaseUri)

  • Method Details

    • resolve

      public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest resolve(jakarta.servlet.http.HttpServletRequest servletRequest)
      Specified by:
      resolve in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver

    • resolve

      public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest resolve(jakarta.servlet.http.HttpServletRequest servletRequest, String clientRegistrationId)
      Specified by:
      resolve in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver