Cannot set custom userInfoEndpoint user/oidc user service #136
Comments
(possibly getting the current context similar to this: https://github.com/okta/okta-spring-boot/blob/master/oauth2/src/main/java/com/okta/spring/boot/oauth/OktaOAuth2Configurer.java#L46)
My use case for injecting my own code in the spring boot + oauth + okta flow is as follows. We will be supporting 3 different types of applications on our side: a legacy (JBOSS) app with spring xml-config and custom "homegrown" security, a JBOSS app with spring security and a spring boot app. We would like to add information to the OAuth2AuthenticationToken which is the object ultimately returned by Spring. We would like to add our own authorities to the existing ones added by oauth/okta. Also, we need to add a custom security user object to the http session which is used by the legacy app. This information comes from our Oracle database, and we will use the loginId (from Okta) as a key to look up the Oracle data. That means our code HAS to follow the back-channel calls that are initiated from Spring's OidcAuthorizationCodeAuthenticationProvider.
@jkennedy4 Thanks, that helps!
I have a very similar use case to @jkennedy4, where I want to add to the authorities during auth.
I have the same problem. I want to provide a custom oidc user service to add some custom authorities by querying a database.
…ties Converted existing code to use this new interface (scopes and groups) Fixes: #136
Anyone watching this issue, I just created a PR with how I've been thinking about solving this. Feedback welcome! TL;DR:

```java
@Bean
AuthoritiesProvider myCustomAuthoritiesProvider() {
    return (user, userRequest) -> lookupExtraAuthoritesByName(user.getAttributes().get("email"));
}
```

(There is still a little bit of cleanup to do on this PR, but I think it should provide an easy way to add custom GrantedAuthorities)
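A fuller version of the `AuthoritiesProvider` bean from the comment above, as an added example that is not part of the thread or the project's code. Assumptions: the interface lives in `com.okta.spring.boot.oauth`, a `JdbcTemplate` bean is available, the table `APP_USER_ROLE(LOGIN_ID, ROLE_NAME)` is hypothetical, and the IdP sends an `email_verified` claim. It only uses the email as a lookup key when the IdP marks it verified, and it binds the value as a query parameter.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import com.okta.spring.boot.oauth.AuthoritiesProvider; // package is an assumption

@Configuration
class ExtraAuthoritiesConfig {

    // Hypothetical schema: APP_USER_ROLE(LOGIN_ID, ROLE_NAME)
    private static final String ROLE_QUERY =
            "SELECT ROLE_NAME FROM APP_USER_ROLE WHERE LOWER(LOGIN_ID) = LOWER(?)";

    @Bean
    AuthoritiesProvider databaseAuthoritiesProvider(JdbcTemplate jdbc) {
        // Same lambda shape as in the comment: (user, userRequest) -> authorities
        return (user, userRequest) -> lookupExtraAuthorities(jdbc, user.getAttributes());
    }

    static Collection<? extends GrantedAuthority> lookupExtraAuthorities(
            JdbcTemplate jdbc, Map<String, Object> claims) {
        Object email = claims.get("email");
        // A missing or unverified email grants nothing extra; the authorities
        // derived from scopes and groups are unaffected by this provider.
        if (!(email instanceof String)
                || !Boolean.TRUE.equals(claims.get("email_verified"))) {
            return Collections.emptyList();
        }
        // The claim is bound as a parameter, never concatenated into the SQL.
        List<String> roles = jdbc.queryForList(ROLE_QUERY, String.class, email);
        return roles.stream()
                .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                .collect(Collectors.toList());
    }
}
```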
Is there an update as to when this change would be in?
@bdemers Yes, that would work. Like you mentioned, setting the user service would be super ideal too and would remove the need for this Authorities providers since you could then just override the user service that could extend off of yours and only override those methods. But this change would at least unblock us for now and let us leverage spring security properly, which is ideal.
Previously we used an AbstractHttpConfigurer to set the Okta implementation of the OAuth2UserService (and oidc user service). This made the Okta impl impossible to replace due to how/when those impls were configured. Now they are loaded automatically. Fixes: #136
#146 added the authoritiesProviders to Edit: Did not check the other issues, but this comment is clearly a duplicate of #160!
@jevanlingen +1
This is caused by the use of a factory configured in `META-INF/spring.factories`:

```properties
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer = \
  com.okta.spring.boot.oauth.OktaOAuth2Configurer
```

Maybe we can change this logic to look up a bean from the context instead. Otherwise, we might need to provide some other way to allow custom Authorities to be added to the current user.