Please add a way to add prefix or custom URL mapping for OidcProviderConfigurationEndpointFilter /.well-known/openid-configuration/ #1409

Closed
@FoxNeo

Expected Behavior
Hello, I would like to add the following feature.
I have a web application that has the Server Context URL https://app-server.com/app-context-name/authenticator

The problem is that the OidcProviderConfigurationEndpointFilter class is final and does not allow modifying the filter URL endpoint value. In this example the Metadata Endpoint would be
https://app-server.com/app-context-name/.well-known/openid-configuration/
instead of https://app-server.com/app-context-name/authenticator/.well-known/openid-configuration/
after the sub endpoint /authenticator/.

It would be possible to modify the ServerSettings class to be able to override the endpoint like in UserInfo, IdToken for example:

OidcProviderConfigurationEndpointFilter.java

		OidcProviderConfiguration.Builder providerConfiguration = OidcProviderConfiguration.builder()
				.metadataPrefix(authorizationServerSettings.getPrefix())
				.issuer(issuer)
				.authorizationEndpoint(asUrl(issuer, authorizationServerSettings.getAuthorizationEndpoint()))
				.tokenEndpoint(asUrl(issuer, authorizationServerSettings.getTokenEndpoint()))

AuthorizationServerSettings.java

	public static Builder builderWithPrefix(@NonNull String prefix) {
		return new Builder()
				.metadataPrefix(prefix + "/.well-known/openid-configuration")
				.authorizationEndpoint(prefix + "/oauth2/authorize")
				.tokenEndpoint(prefix + "/oauth2/token")
				.jwkSetEndpoint(prefix + "/oauth2/jwks")
				.tokenRevocationEndpoint(prefix + "/oauth2/revoke")
				.tokenIntrospectionEndpoint(prefix + "/oauth2/introspect")
				.oidcClientRegistrationEndpoint(prefix + "/connect/register")
				.oidcUserInfoEndpoint(prefix + "/userinfo");
	}

Current Behavior
It doesn't work, but it could.

public final class OidcProviderConfigurationEndpointFilter extends OncePerRequestFilter {
	/**
	 * The default endpoint {@code URI} for OpenID Provider Configuration requests.
	 */
	private static final String DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI = "/.well-known/openid-configuration";

	private final RequestMatcher requestMatcher = new AntPathRequestMatcher(
			PREFIX + DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI,
			HttpMethod.GET.name());
	private final OidcProviderConfiguration

Context
You can override the other endpoints from the configuration: https://docs.spring.io/spring-authorization-server/docs/current/reference/html/configuration-model.html#configuring-authorization-server-settings but for the Metadata (OIDC 1.0 Discovery Endpoint) (/.well-known/openid-configuration) it's not possible.
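
The location the issue asks for is also the one a relying party expects: OpenID Connect Discovery 1.0 (section 4) builds the configuration URL by appending /.well-known/openid-configuration to the issuer, and section 4.3 requires the issuer in the returned document to be identical to that issuer. The following is an added example, not code from the issue or from Spring Authorization Server; the class and method names are hypothetical, and it assumes the issuer is the Server Context URL quoted in the issue.

```java
import java.net.URI;

// Added illustration: class and method names are hypothetical, not Spring Authorization Server API.
public class DiscoveryLocationCheck {

    static final String WELL_KNOWN = "/.well-known/openid-configuration";

    // OIDC Discovery 1.0, section 4: the configuration URL is the issuer
    // (any terminating "/" removed) followed by the well-known suffix.
    static URI expectedDiscoveryUri(String issuer) {
        URI iss = URI.create(issuer);
        if (!"https".equalsIgnoreCase(iss.getScheme()) || iss.getHost() == null
                || iss.getRawQuery() != null || iss.getRawFragment() != null) {
            throw new IllegalArgumentException(
                    "issuer must be an https URL without query or fragment");
        }
        String base = issuer.endsWith("/")
                ? issuer.substring(0, issuer.length() - 1) : issuer;
        return URI.create(base + WELL_KNOWN);
    }

    // Section 4.3: accept the metadata only if it was fetched from the URL derived
    // from the configured issuer and its "issuer" member is identical to that issuer.
    static boolean metadataIsConsistent(String configuredIssuer, URI fetchedFrom,
                                        String issuerInDocument) {
        return expectedDiscoveryUri(configuredIssuer).equals(fetchedFrom)
                && configuredIssuer.equals(issuerInDocument);
    }

    public static void main(String[] args) {
        // Assumption: the issuer equals the Server Context URL from the issue.
        String issuer = "https://app-server.com/app-context-name/authenticator";
        URI underIssuerPath = URI.create(issuer + WELL_KNOWN);
        URI atContextRoot =
                URI.create("https://app-server.com/app-context-name" + WELL_KNOWN);

        System.out.println("expected: " + expectedDiscoveryUri(issuer));
        System.out.println("served under issuer path: "
                + metadataIsConsistent(issuer, underIssuerPath, issuer));
        System.out.println("served at context root:   "
                + metadataIsConsistent(issuer, atContextRoot, issuer));
    }
}
```

A client that applies this check rejects metadata served from the context root, which is why the endpoint mapping has to follow the issuer path.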
