
Extract Authorities from an OAuth2User #11780

Closed
@filiphr


Expected Behavior

Extract granted authorities from a given OAuth2User.

Current Behavior

Currently the OAuth2 support uses a GrantedAuthoritiesMapper which allows for expanding the granted authorities for OAuth2. This is done in:

  • OAuth2LoginAuthenticationProvider
  • OAuth2LoginReactiveAuthenticationManager
  • OidcAuthorizationCodeAuthenticationProvider
  • OidcAuthorizationCodeReactiveAuthenticationManager

Currently only the current granted authorities of the OAuth2User can be accessed. There is a way to access OAuth2UserAuthority, but that does not give information such as the name of the principal.

Context

We need this because we are providing some functionality that allows extracting various attributes from the OAuth context and remapping them to some specific granted authorities known for us. Recently we've had a request for integrating all of this with a specific identity provider. This means that Google is used as an OAuth provider, but the information that is available in the token is not enough and we need to fetch things such as group access from a different identity provider. In order to do that fetch we need the ID of the user.

I did a small prototype (filiphr@7d4b3bf) with the OAuth2LoginAuthenticationProvider by adding a new interface OAuth2GrantedAuthoritiesProvider that can be used to pass the OAuth2User to the provider. The naming and package location is TBD, we can make OAuth2GrantedAuthoritiesProvider be a generic with <T extends OAuth2User>, etc.

I would like to hear more whether a solution like this would be something that the team would be willing to look into if I provide a Pull Request.
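
For reference, an added example that is not part of the original issue or of the Spring Security code base: the existing delegation-based `OAuth2UserService` extension point sees the full `OAuth2User`, including its name, so a group lookup keyed on the user ID can run there. The class name, the `groupLookup` function and the `GROUP_` prefix are assumptions made for illustration.

```java
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.function.Function;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;

// Hypothetical class: wraps the default user service and adds authorities
// fetched from a second identity provider, keyed on the principal name.
public class GroupLookupOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
    private final OAuth2UserService<OAuth2UserRequest, OAuth2User> delegate = new DefaultOAuth2UserService();
    private final Function<String, Set<String>> groupLookup; // assumed client for the other IdP

    public GroupLookupOAuth2UserService(Function<String, Set<String>> groupLookup) {
        this.groupLookup = groupLookup;
    }

    @Override
    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
        OAuth2User user = this.delegate.loadUser(userRequest);
        Set<String> groups;
        try {
            groups = this.groupLookup.apply(user.getName());
        } catch (RuntimeException ex) {
            // Fail closed: a failed lookup rejects the login instead of granting a partial set.
            throw new OAuth2AuthenticationException(new OAuth2Error("group_lookup_failed"), ex);
        }
        Set<GrantedAuthority> authorities = new LinkedHashSet<>(user.getAuthorities());
        for (String group : groups) {
            // Fixed prefix so a remote group name cannot collide with a local ROLE_ or SCOPE_ authority.
            authorities.add(new SimpleGrantedAuthority("GROUP_" + group));
        }
        String nameAttributeKey = userRequest.getClientRegistration().getProviderDetails()
                .getUserInfoEndpoint().getUserNameAttributeName();
        return new DefaultOAuth2User(authorities, user.getAttributes(), nameAttributeKey);
    }
}
```

OIDC logins go through an `OAuth2UserService<OidcUserRequest, OidcUser>` instead, so the same wrapping would be applied around `OidcUserService` for those providers.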

Labels

  • in: oauth2 - An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
  • status: duplicate - A duplicate of another issue
  • type: enhancement - A general enhancement
