2

I see that the authorization code is inserted into the redirectUri here inside AuthorizationEndpoint.java

private String getSuccessfulRedirect(AuthorizationRequest authorizationRequest, String authorizationCode) {

    if (authorizationCode == null) {
        throw new IllegalStateException("No authorization code found in the current request scope.");
    }

    Map<String, String> query = new LinkedHashMap<String, String>();
    query.put("code", authorizationCode);

    String state = authorizationRequest.getState();
    if (state != null) {
        query.put("state", state);
    }

    return append(authorizationRequest.getRedirectUri(), query, false);
}

I would love to be able to just add a snippet of code just where that query.put() is but i was unable to extend the class successfully. I couldn't figure out where/how to configure this as the auth endpoint I wanted to hit first. I also found it a bit extreme that I would need to extend the entire class just so i can add a few lines of code in order to append another query parameter to the authorization code response uri.

Thanks

Frank
  • 41
  • 5
  • Spring Security OAuth2 only implements the [OAuth2 spec](https://tools.ietf.org/html/rfc6749), so you have to use the ways supported by the spec. You could use the `state` query parameter or the `redirect_uri` query parameter. – dur Feb 03 '18 at 16:09

1 Answers1

0

I am not sure why my question received a downvote, but anyways...

Since @dur's comment basically said I could not do that. Thanks btw (I don see any way to upvote your comment, I am new to SO).

Solution: I decided to create a custom authentication filter that filtered before the login page appeared. I did some validation and passed it along for authentication. From there, I added a custom success handler for my filter and redirected to /oauth/authorize in order to jump into my intended authorization code flow.

Frank
  • 41
  • 5