I used this code from https://github.com/spring-projects/spring-authorization-server/tree/main/samples/federated-identity-authorizationserver and I could successfully connect it to Microsoft Azure B2C. I have one Spring Cloud Gateway which is registered inside the federated authorization server, and my authorization server is registered in B2C. Now the authorization code flow works fine with the help of the end user, but now I want to use the client_credential flow inside the authorization server, without federation to B2C. I just need a token to be created by the authorization server, not in a federated manner. But when I ask for a token from the authorization server, it is redirected to the login page.

I created a separate client in Spring Authorization Server that only supports the client credential flow, but it is not working.

I think the problem is with this class:

```java
/**
 *
 * @author Steve Riesenberg
 * @since 0.2.3
 */
public final class FederatedIdentityAuthenticationEntryPoint implements AuthenticationEntryPoint {

    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    private final AuthenticationEntryPoint delegate;

    private final ClientRegistrationRepository clientRegistrationRepository;

    private String authorizationRequestUri = "/api" +
            OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/{registrationId}";

    public FederatedIdentityAuthenticationEntryPoint(String loginPageUrl,
            ClientRegistrationRepository clientRegistrationRepository) {
        this.delegate = new LoginUrlAuthenticationEntryPoint(loginPageUrl);
        this.clientRegistrationRepository = clientRegistrationRepository;
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authenticationException) throws IOException, ServletException {
        /* String idp = request.getParameter("idp");
        if (idp != null) {*/
        ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId("microsoft-idp");
        if (clientRegistration != null) {
            String redirectUri = UriComponentsBuilder.fromHttpRequest(new ServletServerHttpRequest(request))
                    .replaceQuery(null)
                    .replacePath(this.authorizationRequestUri)
                    .buildAndExpand(clientRegistration.getRegistrationId())
                    .toUriString();
            this.redirectStrategy.sendRedirect(request, response, redirectUri);
            return;
        //}
        } else {
        }
        this.delegate.commence(request, response, authenticationException);
    }

    public void setAuthorizationRequestUri(String authorizationRequestUri) {
        this.authorizationRequestUri = authorizationRequestUri;
    }

}
```

Everything will be redirected to the IDP. What if I just want the client credential flow from the auth server itself, not the external IDP?
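
One way to keep the federated redirect for browser logins while answering non-browser callers (such as a machine client requesting a token) with a plain 401 instead of a redirect. This is an added example, not part of the original post or the Spring sample; the class `EntryPointConfig`, the method `browserOnlyEntryPoint` and the `/login` URL are hypothetical, and `FederatedIdentityAuthenticationEntryPoint` is assumed to be in the same package.

```java
import java.util.Collections;
import java.util.LinkedHashMap;

import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Hypothetical helper class (assumption, not from the post or the sample).
public final class EntryPointConfig {

    private EntryPointConfig() {
    }

    public static AuthenticationEntryPoint browserOnlyEntryPoint(
            ClientRegistrationRepository clientRegistrationRepository) {
        // Treat a request as a browser navigation only if it explicitly accepts HTML.
        MediaTypeRequestMatcher htmlRequest = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
        // "Accept: */*" (sent by many HTTP clients and CLI tools) must not count as HTML.
        htmlRequest.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));

        // Browser navigations keep the federated redirect from the class above.
        // "/login" is an assumed login page URL.
        LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
        entryPoints.put(htmlRequest,
                new FederatedIdentityAuthenticationEntryPoint("/login", clientRegistrationRepository));

        // Every other unauthenticated request gets 401 rather than a redirect to the IDP.
        DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);
        entryPoint.setDefaultEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
        return entryPoint;
    }
}
```

The returned entry point would be passed to `exceptionHandling().authenticationEntryPoint(...)` in place of the federated entry point alone. A 401 on a token request then indicates that the request reached the entry point without being authenticated as a client.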