nick_j_white

Reputation: 644

Add query parameters to social login authorisation URI with spring security

I am currently using Spring Security for OAuth2 login via social providers (Google, Facebook etc). The current setup is based heavily on the following tutorial: https://www.callicoder.com/spring-boot-security-oauth2-social-login-part-1/

i.e. login is initialised by hitting a REST endpoint: https://example.com/oauth2/authorize/{registrationId} which, after storing information about the login session (state + final redirectUri) in a browser cookie, will redirect the client to the requested provider's authorisation URI.

SecurityConfig.java:

package com.example.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.example.security.*;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
        securedEnabled = true,
        jsr250Enabled = true,
        prePostEnabled = true
)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomOAuth2UserService customOAuth2UserService;

    @Autowired
    private OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;

    @Autowired
    private OAuth2AuthenticationFailureHandler oAuth2AuthenticationFailureHandler;

    @Autowired
    private HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository;

    @Bean
    public TokenAuthenticationFilter tokenAuthenticationFilter() {
        return new TokenAuthenticationFilter();
    }

    /*
      By default, Spring OAuth2 uses HttpSessionOAuth2AuthorizationRequestRepository to save
      the authorization request. But, since our service is stateless, we can't save it in
      the session. We'll save the request in a Base64 encoded cookie instead.
    */
    @Bean
    public HttpCookieOAuth2AuthorizationRequestRepository cookieAuthorizationRequestRepository() {
        return new HttpCookieOAuth2AuthorizationRequestRepository();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                    .and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                .csrf()
                    .disable()
                .formLogin()
                    .disable()
                .httpBasic()
                    .disable()
                .exceptionHandling()
                    .authenticationEntryPoint(new RestAuthenticationEntryPoint())
                    .and()
                .authorizeRequests()
                    .antMatchers("/oauth2/**")
                        .permitAll()
                    .anyRequest()
                        .authenticated()
                    .and()
                .oauth2Login()
                    .authorizationEndpoint()
                        .baseUri("/oauth2/authorize")
                        .authorizationRequestRepository(cookieAuthorizationRequestRepository())
                        .and()
                    .redirectionEndpoint()
                        .baseUri("/oauth2/callback/*")
                        .and()
                    .userInfoEndpoint()
                        .userService(customOAuth2UserService)
                        .and()
                    .successHandler(oAuth2AuthenticationSuccessHandler)
                    .failureHandler(oAuth2AuthenticationFailureHandler)
                    ;

        // Add our custom Token based authentication filter
        http.addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    public HttpCookieOAuth2AuthorizationRequestRepository getHttpCookieOAuth2AuthorizationRequestRepository() {
        return httpCookieOAuth2AuthorizationRequestRepository;
    }

    public void setHttpCookieOAuth2AuthorizationRequestRepository(
            HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository) {
        this.httpCookieOAuth2AuthorizationRequestRepository = httpCookieOAuth2AuthorizationRequestRepository;
    }
}

In the case of Google authorisation, the following is set in application.properties:

#Social Providers OAuth2 settings
spring.security.oauth2.client.registration.google.clientId=abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com
spring.security.oauth2.client.registration.google.clientSecret=secret
spring.security.oauth2.client.registration.google.redirectUri=https://example.com/oauth2/callback/{registrationId}
spring.security.oauth2.client.registration.google.scope=email,profile

which produces the authorisation URI below:

https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount
    ?response_type=code
    &client_id=abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com
    &scope=email%20profile
    &state=zyxwvutsrqponmlkjihgfedcba
    &redirect_uri=https%3A%2F%2Fexample.com%2Foauth2%2Fcallback%2Fgoogle
    &service=lso
    &o2v=2
    &flowName=GeneralOAuthFlow

I want to add an additional query parameter: &prompt=select_account but am unable to figure out how. I have tried adding the line below to application.properties:

spring.security.oauth2.client.registration.google.prompt=select_account

but this has not worked (same URI constructed as before) - I can't see any property available to set this particular parameter listed under: https://docs.spring.io/spring-security/site/docs/5.2.12.RELEASE/reference/html/oauth2.html

Is there a way to append these query parameters via Spring security?

Upvotes: 1

Views: 402
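
An added example, not part of the original question or the tutorial's code: Spring Security 5.2 lets the authorization request be customised through an `OAuth2AuthorizationRequestResolver` that wraps the default resolver and appends additional parameters. The class name `PromptAuthorizationRequestResolver` and its package are assumptions; the parameter value is a fixed constant, is applied only to the `google` registration, and leaves `state` untouched.

```java
// Added example; class name and package are assumptions, not from the question.
package com.example.security;

import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;

public class PromptAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {

    private final OAuth2AuthorizationRequestResolver delegate;

    // baseUri must match the authorization endpoint base URI ("/oauth2/authorize" in SecurityConfig)
    public PromptAuthorizationRequestResolver(ClientRegistrationRepository registrations, String baseUri) {
        this.delegate = new DefaultOAuth2AuthorizationRequestResolver(registrations, baseUri);
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        return addPrompt(delegate.resolve(request));
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
        return addPrompt(delegate.resolve(request, clientRegistrationId));
    }

    private OAuth2AuthorizationRequest addPrompt(OAuth2AuthorizationRequest original) {
        if (original == null) {
            return null; // request did not match the authorization endpoint
        }
        Object registrationId = original.getAttributes().get(OAuth2ParameterNames.REGISTRATION_ID);
        if (!"google".equals(registrationId)) {
            return original; // leave other providers untouched
        }
        // Copy existing parameters (e.g. an OIDC nonce) before adding ours; state is not touched.
        Map<String, Object> params = new LinkedHashMap<>(original.getAdditionalParameters());
        params.put("prompt", "select_account"); // fixed value, never read from the incoming request
        return OAuth2AuthorizationRequest.from(original).additionalParameters(params).build();
    }
}
// Wiring in SecurityConfig.configure(): inject ClientRegistrationRepository and add
//   .authorizationEndpoint().authorizationRequestResolver(
//       new PromptAuthorizationRequestResolver(clientRegistrationRepository, "/oauth2/authorize"))
```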

Answers (0)