
Commit b9343d1

LEDfanjhhhnikt
andcommitted
Fix #29398: add option to use PKCE
Co-authored-by: Jan Henrik Hasselberg <jan.henrik.hasselberg@hnikt.no>
1 parent 5c81f93 commit b9343d1


Lines changed: 18 additions & 0 deletions


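--- a/src/main/java/eu/openanalytics/containerproxy/auth/impl/OpenIDAuthenticationBackend.java
+++ b/src/main/java/eu/openanalytics/containerproxy/auth/impl/OpenIDAuthenticationBackend.java
@@ -45,7 +45,10 @@
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
+import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
+import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
@@ -119,6 +122,9 @@ public void configureHttpSecurity(HttpSecurity http, AuthorizedUrl anyRequestCon
 .defaultSuccessUrl("/", true)
 .clientRegistrationRepository(clientRegistrationRepo)
 .authorizedClientService(oAuth2AuthorizedClientService)
+.authorizationEndpoint()
+.authorizationRequestResolver(authorizationRequestResolver())
+.and()
 .failureHandler(new AuthenticationFailureHandler() {
 
 @Override
@@ -137,6 +143,18 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo
 .addFilterAfter(openIdReAuthorizeFilter, UsernamePasswordAuthenticationFilter.class);
 }
 
+private OAuth2AuthorizationRequestResolver authorizationRequestResolver() {
+Boolean usePkce = environment.getProperty("proxy.openid.with-pkce", Boolean.class, false);
+DefaultOAuth2AuthorizationRequestResolver authorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepo,
+OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
+
+if (usePkce) {
+authorizationRequestResolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
+}
+
+return authorizationRequestResolver;
+}
+
 @Override
 public void configureAuthenticationManagerBuilder(AuthenticationManagerBuilder auth) throws Exception {
 // Nothing to do.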
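Review bot: The new `authorizationRequestResolver()` keeps PKCE off unless `proxy.openid.with-pkce` is explicitly set, so every existing deployment continues to send plain authorization-code requests even though current OAuth guidance (the OAuth 2.0 Security BCP and the 2.1 draft) recommends PKCE for all clients, confidential ones included, as a defence against authorization-code injection. Consider defaulting the property to `true`, or at least add a Javadoc on the method stating what the property controls and that it presumes the provider accepts the `code_challenge`/`code_challenge_method` parameters that `OAuth2AuthorizationRequestCustomizers.withPkce()` appears to add — a provider that rejects unknown parameters would break login with the flag on. Since `getProperty` is given a non-null default, the local can be a primitive rather than a boxed `Boolean`: `boolean usePkce = environment.getProperty("proxy.openid.with-pkce", Boolean.class, false);`. Note that the resolver is now always replaced, even when PKCE is off; that looks equivalent to Spring's default resolver given the same base URI, but it is worth a comment saying so, e.g. `// Same as Spring's default resolver; only the PKCE customizer is optional.`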
