This guide shows how to extend Spring Authorization Server with an extension authorization grant type. The purpose of this guide is to demonstrate how to implement an extension authorization grant type and configure it at the OAuth2 Token endpoint.
Extending Spring Authorization Server with a new authorization grant type requires implementing an AuthenticationConverter and an AuthenticationProvider, and configuring both components at the OAuth2 Token endpoint.
In addition to the component implementations, a unique absolute URI needs to be assigned for use with the grant_type parameter.
Assuming the absolute URI for the grant_type parameter is urn:ietf:params:oauth:grant-type:custom_code and the code parameter represents the authorization grant, the following example shows a sample implementation of the AuthenticationConverter:
link:{examples-dir}/main/java/sample/extgrant/CustomCodeGrantAuthenticationConverter.java[role=include]
- If the grant_type parameter is not urn:ietf:params:oauth:grant-type:custom_code, then return null, allowing another AuthenticationConverter to process the token request.
- The code parameter contains the authorization grant.
- Return an instance of CustomCodeGrantAuthenticationToken, which is processed by CustomCodeGrantAuthenticationProvider.
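The following is an added example of the converter and its Authentication token, written for this guide and not taken from the project's sample sources. It assumes Spring Authorization Server 1.x (Jakarta Servlet API) and that the classes live in one package; the additional-parameter filtering mirrors what the built-in converters do, and a request carrying zero or more than one code value is rejected with invalid_request rather than silently taking the first value.

```java
import java.util.HashMap;
import java.util.Map;

import jakarta.servlet.http.HttpServletRequest;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

// Token carrying the custom grant (in a real project this is its own source file).
class CustomCodeGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {

    static final AuthorizationGrantType CUSTOM_CODE =
            new AuthorizationGrantType("urn:ietf:params:oauth:grant-type:custom_code");

    private final String code;

    CustomCodeGrantAuthenticationToken(String code, Authentication clientPrincipal,
                                       Map<String, Object> additionalParameters) {
        super(CUSTOM_CODE, clientPrincipal, additionalParameters);
        this.code = code;
    }

    String getCode() {
        return this.code;
    }
}

public class CustomCodeGrantAuthenticationConverter implements AuthenticationConverter {

    @Override
    public Authentication convert(HttpServletRequest request) {
        // grant_type (REQUIRED): return null so another converter can handle other grant types
        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
        if (!CustomCodeGrantAuthenticationToken.CUSTOM_CODE.getValue().equals(grantType)) {
            return null;
        }

        // The client has already been authenticated by the client-authentication filter
        Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();

        MultiValueMap<String, String> parameters = getParameters(request);

        // code (REQUIRED): exactly one non-empty value
        String code = parameters.getFirst(OAuth2ParameterNames.CODE);
        if (!StringUtils.hasText(code) || parameters.get(OAuth2ParameterNames.CODE).size() != 1) {
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_REQUEST);
        }

        // Forward any extra parameters, but not the ones this grant already consumed
        Map<String, Object> additionalParameters = new HashMap<>();
        parameters.forEach((key, value) -> {
            if (!key.equals(OAuth2ParameterNames.GRANT_TYPE)
                    && !key.equals(OAuth2ParameterNames.CLIENT_ID)
                    && !key.equals(OAuth2ParameterNames.CODE)) {
                additionalParameters.put(key, value.size() == 1 ? value.get(0) : value.toArray(new String[0]));
            }
        });

        return new CustomCodeGrantAuthenticationToken(code, clientPrincipal, additionalParameters);
    }

    // Copy the servlet parameter map into a MultiValueMap so repeated parameters are visible.
    private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
        Map<String, String[]> parameterMap = request.getParameterMap();
        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
        parameterMap.forEach((key, values) -> {
            for (String value : values) {
                parameters.add(key, value);
            }
        });
        return parameters;
    }
}
```

Returning null for any other grant_type is what lets this converter sit in the endpoint's DelegatingAuthenticationConverter alongside the built-in ones; throwing instead would break the standard grant types.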
The AuthenticationProvider implementation is responsible for validating the authorization grant, and if it is valid and authorized, issuing an access token.
The following example shows a sample implementation of the AuthenticationProvider:
link:{examples-dir}/main/java/sample/extgrant/CustomCodeGrantAuthenticationProvider.java[role=include]
Note: CustomCodeGrantAuthenticationProvider processes CustomCodeGrantAuthenticationToken, which is created by CustomCodeGrantAuthenticationConverter.
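The following is an added example of the provider, written for this guide rather than copied from the project's sample. It assumes the CustomCodeGrantAuthenticationToken class above and a hypothetical codeValidator (a Predicate<String> supplied by the application) standing in for whatever store the code parameter is checked against; the guide does not prescribe how the grant is validated. The three checks before any token is generated are the security-relevant part: the client must be authenticated, the client must be registered for this grant type, and the grant itself must be valid.

```java
import java.util.function.Predicate;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.ClaimAccessor;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2Token;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;

public class CustomCodeGrantAuthenticationProvider implements AuthenticationProvider {

    private final OAuth2AuthorizationService authorizationService;
    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
    private final Predicate<String> codeValidator; // hypothetical: application-supplied check of the code

    public CustomCodeGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService,
                                                 OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator,
                                                 Predicate<String> codeValidator) {
        this.authorizationService = authorizationService;
        this.tokenGenerator = tokenGenerator;
        this.codeValidator = codeValidator;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        CustomCodeGrantAuthenticationToken customCodeGrant = (CustomCodeGrantAuthenticationToken) authentication;

        // 1. The client principal must be an authenticated OAuth2ClientAuthenticationToken
        OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(customCodeGrant);
        RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();

        // 2. The client must be registered for this grant type
        if (!registeredClient.getAuthorizationGrantTypes().contains(customCodeGrant.getGrantType())) {
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT);
        }

        // 3. The grant (code parameter) must be valid
        if (!this.codeValidator.test(customCodeGrant.getCode())) {
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT);
        }

        // Generate the access token via the configured OAuth2TokenGenerator
        OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
                .registeredClient(registeredClient)
                .principal(clientPrincipal)
                .authorizationServerContext(AuthorizationServerContextHolder.getContext())
                .tokenType(OAuth2TokenType.ACCESS_TOKEN)
                .authorizationGrantType(customCodeGrant.getGrantType())
                .authorizationGrant(customCodeGrant)
                .build();

        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
        if (generatedAccessToken == null) {
            OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                    "The token generator failed to generate the access token.", null);
            throw new OAuth2AuthenticationException(error);
        }
        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
                generatedAccessToken.getExpiresAt());

        // Persist the authorization so introspection/revocation can find the token later
        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
                .principalName(clientPrincipal.getName())
                .authorizationGrantType(customCodeGrant.getGrantType());
        if (generatedAccessToken instanceof ClaimAccessor) {
            // Keep the JWT claims as token metadata (needed by the introspection endpoint)
            authorizationBuilder.token(accessToken, (metadata) -> metadata.put(
                    OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims()));
        } else {
            authorizationBuilder.accessToken(accessToken);
        }
        this.authorizationService.save(authorizationBuilder.build());

        return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return CustomCodeGrantAuthenticationToken.class.isAssignableFrom(authentication);
    }

    private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
        if (authentication.getPrincipal() instanceof OAuth2ClientAuthenticationToken clientPrincipal
                && clientPrincipal.isAuthenticated()) {
            return clientPrincipal;
        }
        throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
    }
}
```

The unauthorized_client check is easy to forget: without it, any confidential client that can authenticate at the token endpoint could use the new grant, regardless of how its RegisteredClient was configured.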
The following example shows how to configure the OAuth2 Token endpoint with the AuthenticationConverter and AuthenticationProvider:
link:{examples-dir}/main/java/sample/extgrant/SecurityConfig.java[role=include]
- Add the AuthenticationConverter to the OAuth2 Token endpoint configuration.
- Add the AuthenticationProvider to the OAuth2 Token endpoint configuration.
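The following is an added configuration example, written for this guide and not the project's own SecurityConfig. It assumes Spring Authorization Server 1.4 or later (OAuth2AuthorizationServerConfigurer.authorizationServer() and HttpSecurity.with(...)), the two classes above, and a hypothetical codeValidator lambda. It also registers the messaging-client client used in the request below (client secret "secret", as in that request's Basic credentials, stored with the {noop} demo encoder) and lists the custom grant type on it, which the provider's unauthorized_client check requires.

```java
import java.util.UUID;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2Token;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {

    static final AuthorizationGrantType CUSTOM_CODE =
            new AuthorizationGrantType("urn:ietf:params:oauth:grant-type:custom_code");

    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(
            HttpSecurity http,
            OAuth2AuthorizationService authorizationService,
            OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) throws Exception {

        OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
                OAuth2AuthorizationServerConfigurer.authorizationServer();

        http
            .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
            .with(authorizationServerConfigurer, (authorizationServer) -> authorizationServer
                .tokenEndpoint((tokenEndpoint) -> tokenEndpoint
                    // Add the AuthenticationConverter for the custom grant
                    .accessTokenRequestConverter(new CustomCodeGrantAuthenticationConverter())
                    // Add the AuthenticationProvider that validates it and issues the token
                    .authenticationProvider(new CustomCodeGrantAuthenticationProvider(
                            authorizationService, tokenGenerator, codeValidator()))))
            .authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated());

        return http.build();
    }

    // Hypothetical check of the code parameter; a real deployment looks the code up in a store
    // and makes sure it is unexpired and single-use.
    private java.util.function.Predicate<String> codeValidator() {
        return (code) -> code != null && code.length() >= 8;
    }

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        // Client must be registered for the custom grant type, or the provider rejects it
        RegisteredClient messagingClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("messaging-client")
                .clientSecret("{noop}secret") // demo encoder; use a real PasswordEncoder in production
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(CUSTOM_CODE)
                .build();
        return new InMemoryRegisteredClientRepository(messagingClient);
    }
}
```

The converter and provider are added alongside the defaults, not in place of them, so the built-in grant types keep working; only requests whose grant_type matches the custom URI reach the new components.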
The client can request the access token by making the following (authenticated) request to the OAuth2 Token endpoint:
POST /oauth2/token HTTP/1.1
Authorization: Basic bWVzc2FnaW5nLWNsaWVudDpzZWNyZXQ=
Content-Type: application/x-www-form-urlencoded
grant_type=urn:ietf:params:oauth:grant-type:custom_code&code=7QR49T1W3