Add an option to customize ServerRedirectStrategy in the OAuth2AuthorizationRequestRedirectWebFilter #11373

Closed
igorbolic opened this issue Jun 15, 2022 · 4 comments
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: enhancement A general enhancement

Comments

@igorbolic
Contributor

It would be nice to be able to customize the redirect strategy within OAuth2AuthorizationRequestRedirectWebFilter, so that we are able to return to the client e.g. HTTP Status 200 OK with the redirect URL in the response payload, instead of the default behavior of HTTP Status 302 Found with a Location header containing the redirect URL.

Our FE is an SPA and our BE is a Spring Boot application. The FE uses an XMLHttpRequest client to retrieve the redirect URL from our BE service for the OAuth authorization flow.
The current OAuth2AuthorizationRequestRedirectWebFilter's response causes the FE client library to automatically follow the Location URL.
Sending the response as HTTP Status 200 OK and having the redirect URL as part of the payload via a custom ServerRedirectStrategy would allow us to inform the FE client of the redirect URL and use the value to send the user to the OAuth provider's page for authorization.

ATM we have a custom implementation of OAuth2AuthorizationRequestRedirectWebFilter, where we have changed only the ServerRedirectStrategy to achieve the above-mentioned behavior.
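A sketch of the kind of strategy the request above describes, as an added example that is not part of the original post and not the project's own code. The class name `JsonBodyRedirectStrategy` and the JSON field `redirectUrl` are hypothetical, the `no-store` header is an added hardening choice, and how the strategy gets registered on the filter is what this issue asks for and is not shown.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;

import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.security.web.server.ServerRedirectStrategy;
import org.springframework.web.server.ServerWebExchange;

import reactor.core.publisher.Mono;

// Hypothetical class: answers 200 OK with the authorization URI in a JSON body
// instead of 302 Found + Location, so an XHR client does not auto-follow it.
public class JsonBodyRedirectStrategy implements ServerRedirectStrategy {

    @Override
    public Mono<Void> sendRedirect(ServerWebExchange exchange, URI location) {
        return Mono.defer(() -> {
            ServerHttpResponse response = exchange.getResponse();
            response.setStatusCode(HttpStatus.OK);
            response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
            // The authorization URI carries the per-request state parameter,
            // so keep the response out of browser and intermediary caches.
            response.getHeaders().setCacheControl("no-store");

            // toASCIIString() percent-encodes non-ASCII characters; the value is
            // still escaped before it is placed inside a JSON string literal.
            String body = "{\"redirectUrl\":\""
                    + escapeJson(location.toASCIIString()) + "\"}";
            DataBuffer buffer = response.bufferFactory()
                    .wrap(body.getBytes(StandardCharsets.UTF_8));
            return response.writeWith(Mono.just(buffer));
        });
    }

    // Minimal escaping for a JSON string value: backslash, quote, control chars.
    private static String escapeJson(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            if (c == '"' || c == '\\') {
                out.append('\\').append(c);
            } else if (c < 0x20) {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }
}
```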

@igorbolic igorbolic added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Jun 15, 2022
@rwinch rwinch added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 15, 2022
@rwinch
Member

rwinch commented Jun 15, 2022

Thanks for reaching out, @igorbolic. Would you be interested in submitting a pull request for this?

@igorbolic
Contributor Author

Of course, I'll try to find some time this week... Thanks for the quick reply 👍

@igorbolic
Contributor Author

@rwinch I've created a PR #11387 to resolve this issue

igorbolic added a commit to igorbolic/spring-security that referenced this issue Jul 6, 2022
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes spring-projectsgh-11373
rwinch pushed a commit that referenced this issue Aug 8, 2022
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
@rwinch rwinch self-assigned this Aug 8, 2022
@rwinch rwinch added the status: duplicate A duplicate of another issue label Aug 8, 2022
@rwinch
Member

rwinch commented Aug 8, 2022

Closing this as duplicate in favor of gh-11387

@rwinch rwinch closed this as completed Aug 8, 2022