Skip to content

Support various Authenticated Request methods #5500

New issue
New issue
Closed
Closed
Support various Authenticated Request methods#5500
Assignees
jgrandja
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement
Milestone
5.1.0.M2
@mhyeon-lee

Description

@mhyeon-lee
mhyeon-lee
opened on Jul 11, 2018

Summary

OAuth2UserService requires various request schema support.
According to RFC 6750 Section 2. Authenticated Request, there are three ways to request user info.
https://tools.ietf.org/html/rfc6750#section-2

  1. Authorization Request Header Field
  2. Form-Encoded Body Parameter
  3. URI Query Parameter

However, spring-security only supports Header field method.
So it need additional schema support.
Specifically, the Form-Encoded Body Parameter using the POST method.

The spring-security-oauth2 project supported the following optional options:
https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/AuthenticationScheme.java#L18

Configuration

I hope I can set it up as follows.

ClientRegistration.withRegistrationId("registrationId")
				...
				.userInfoUri(userInfoUri)
				.userInfoRequestSchema(UserInfoRequestSchema.FORM)  // default is HEADER
				.userNameAttributeName("user-name")
				...;

Version

5.0.6

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions