Description
Expected Behavior
Extract granted authorities from a given OAuth2User.
Current Behavior
Currently the OAuth2 support uses a GrantedAuthoritiesMapper which allows for expanding the granted authorities for OAuth2. This is done in:
OAuth2LoginAuthenticationProvider
OAuth2LoginReactiveAuthenticationManager
OidcAuthorizationCodeAuthenticationProvider
OidcAuthorizationCodeReactiveAuthenticationManager
Currently only the current granted authorities of the OAuth2User can be accessed. There is a way to access OAuth2UserAuthority, but that does not give information such as the name of the principal.
Context
We need this because we are providing some functionality that allows extracting various attributes from the OAuth context and remapping them to some specific granted authorities known for us. Recently we've had a request for integrating all of this with a specific identity provider. This means that Google is used as an OAuth provider, but the information that is available in the token is not enough and we need to fetch things such as group access from a different identity provider. In order to do that fetch we need the ID of the user.
I did a small prototype (filiphr@7d4b3bf) with the OAuth2LoginAuthenticationProvider by adding a new interface OAuth2GrantedAuthoritiesProvider that can be used to pass the OAuth2User to the provider. The naming and package location is TBD, we can make OAuth2GrantedAuthoritiesProvider be a generic with <T extends OAuth2User>, etc.
I would like to hear more whether a solution like this would be something that the team would be willing to look into if I provide a Pull Request.
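To make the gap concrete, the following is an added illustration (not code from the issue author's prototype or from Spring Security) of the two extension points discussed above. The first class is a GrantedAuthoritiesMapper as Spring Security supports it today: it only receives authorities, so the OAuth2 context it can reach is limited to what OAuth2UserAuthority.getAttributes() carries. The second part sketches what an interface like the proposed OAuth2GrantedAuthoritiesProvider<T extends OAuth2User> could look like; its method name and signature, the GroupDirectory interface, the "hd" attribute key and the "example.org" value are assumptions made for this example, not anything the issue or the project defines.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;

public final class AuthorityMappingExamples {

    /**
     * Today's extension point. The mapper sees only the authorities, so the only
     * OAuth2 context available is the attribute map inside OAuth2UserAuthority;
     * the OAuth2User itself (and thus its principal name) is not reachable here.
     */
    public static final class AttributeBasedAuthoritiesMapper implements GrantedAuthoritiesMapper {

        @Override
        public Collection<? extends GrantedAuthority> mapAuthorities(
                Collection<? extends GrantedAuthority> authorities) {
            Set<GrantedAuthority> mapped = new HashSet<>();
            for (GrantedAuthority authority : authorities) {
                mapped.add(authority); // keep whatever the provider already granted
                if (authority instanceof OAuth2UserAuthority) {
                    Map<String, Object> attributes = ((OAuth2UserAuthority) authority).getAttributes();
                    // Remap an attribute to an application-specific authority.
                    // "hd" / "example.org" are constructed values for this example.
                    Object domain = attributes.get("hd");
                    if ("example.org".equals(domain)) {
                        mapped.add(new SimpleGrantedAuthority("ROLE_STAFF"));
                    }
                }
            }
            return mapped;
        }
    }

    /**
     * Hypothetical shape of the interface the issue proposes: the whole OAuth2User
     * is passed in, so the implementation can use the principal's name/ID to
     * consult a second identity source. Name and generic bound follow the issue;
     * the method name and signature are assumptions.
     */
    @FunctionalInterface
    public interface OAuth2GrantedAuthoritiesProvider<T extends OAuth2User> {
        Collection<? extends GrantedAuthority> getGrantedAuthorities(T user);
    }

    /** Hypothetical lookup into "a different identity provider" (assumption). */
    public interface GroupDirectory {
        Set<String> groupsOf(String userId);
    }

    /** Example implementation that merges directory groups into the user's authorities. */
    public static final class DirectoryBackedAuthoritiesProvider
            implements OAuth2GrantedAuthoritiesProvider<OAuth2User> {

        private final GroupDirectory directory;

        public DirectoryBackedAuthoritiesProvider(GroupDirectory directory) {
            this.directory = directory;
        }

        @Override
        public Collection<? extends GrantedAuthority> getGrantedAuthorities(OAuth2User user) {
            Set<GrantedAuthority> result = new HashSet<>(user.getAuthorities());
            // user.getName() is the ID the issue says is needed for the external fetch.
            for (String group : directory.groupsOf(user.getName())) {
                // Prefix and upper-case so an externally sourced group name can never
                // collide with an authority the application grants on its own.
                result.add(new SimpleGrantedAuthority("GROUP_" + group.toUpperCase()));
            }
            return result;
        }
    }
}
```

The contrast is the whole point: AttributeBasedAuthoritiesMapper can only work from the attribute map that happens to be attached to the authority, whereas DirectoryBackedAuthoritiesProvider gets the OAuth2User and can therefore key an external lookup on user.getName(). Whichever shape the project settles on, authorities derived from an external directory should be namespaced (as with the GROUP_ prefix here) so that a group name returned by the remote system cannot be mistaken for an internally granted role.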