Nicholas Irving

Reputation: 333

How to add a custom endpoint to Spring Authorization Server?

I am trying to add a Pushed Authorization Request endpoint to Spring Authorization Server and as this comment I have created

When I try to access that endpoint via a POST request, it redirects me to a login URL. Enabling debug says I need to enable CSRF, but I am confused, as if I issue a Client Credential request I don't need to have CSRF enabled.

Any ideas on what I am doing wrong?

Upvotes: 1

Views: 904

Answers (1)

Steve Riesenberg

Reputation: 6158

There is quite a bit of code in your sample, so it is hard to be certain. It looks as though you are adding a new endpoint to the existing filter chain (authServerSecurityFilterChain) used for protocol endpoints. In that case, you need to ensure that your endpoint is excluded from CSRF protection, as by default only built-in endpoints are excluded. See OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http), which uses csrf.ignoringRequestMatchers(...).

Note that you can also just use regular @RestControllers in your Spring Boot application if you want to; you don't have to implement endpoints the same way SAS does. Endpoints are only implemented as filters/converters/authentication providers in the framework so that any servlet-based application could use it.

Upvotes: 1
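
The CSRF exclusion described in the answer, written out as an added example (not code from the question, the answer, or the Spring project). It assumes Spring Authorization Server 1.2+ on Spring Security 6.2+, and the path `/oauth2/par` and class name `AuthServerConfig` are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
public class AuthServerConfig {

    // Assumed path for the custom endpoint; not taken from the question.
    private static final String PAR_ENDPOINT = "/oauth2/par";

    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfigurer configurer = new OAuth2AuthorizationServerConfigurer();

        // Keep the exclusion narrow: POST to the one custom path only.
        RequestMatcher customEndpoint = new AntPathRequestMatcher(PAR_ENDPOINT, "POST");

        // Built-in protocol endpoints plus the custom endpoint. This replaces
        // applyDefaultSecurity(http), whose matcher covers built-in endpoints only.
        RequestMatcher chainMatcher =
                new OrRequestMatcher(configurer.getEndpointsMatcher(), customEndpoint);

        http
            // Route the custom endpoint through this chain, not the login chain.
            .securityMatcher(chainMatcher)
            // Unchanged: every request in this chain must still be authenticated.
            .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
            // The fix: skip the CSRF token check for the custom endpoint as well.
            .csrf(csrf -> csrf.ignoringRequestMatchers(chainMatcher))
            .with(configurer, Customizer.withDefaults());

        return http.build();
    }
}
```

Excluding the path from CSRF removes only the token check; the request still has to be authenticated to pass `anyRequest().authenticated()`, so the custom endpoint needs its own client authentication.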
