How to append custom request header during Authorization endpoint call in Spring Boot OpenID Connect

Question

I'm using spring 5.3.25. The Identity Provider implemented a security in authorization and token endpoint in OIDC such that the endpoints are expecting a certain request header value from the OIDC client. For example, authorization and token endpoint is checking if value of header tenant-identity is present. Is there a way to insert this custom header value in configure method of WebSecurityConfigurerAdapter?

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/", "/authorize**", "/login**", "/webjars/**", "/error**")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and().logout().logoutSuccessUrl("/").permitAll()
                .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }

Or is there other way where we can add this custom header when spring sent a request to authorization and token endpoint?

I'm new in OpenID connect so I'm not familiar on how to add custom header to the request in authorization and token endpoint.

Answer 1

Spring Security has support for customizing the requests for the authorization and token endpoints.

See the official documentation:

• https://docs.spring.io/spring-security/reference/servlet/oauth2/client/authorization-grants.html#_customizing_the_authorization_request
• https://docs.spring.io/spring-security/reference/servlet/oauth2/client/authorization-grants.html#_customizing_the_access_token_request