OAuth 2.0 login supports manual extraction of authorities like a resource server  #9129

@XhstormR

Expected Behavior
As stated in the official documentation, the resource server supports using JwtAuthenticationConverter to convert SCOPE_admin to ROLE_admin.

I use OpenID Connect in the OAuth 2.0 client package for single sign-on, but found that it does not support JwtAuthenticationConverter to convert into role permissions.

The OAuth 2 login module supports a function like JwtAuthenticationConverter, which can be configured to change the SCOPE_ prefix to ROLE_.

Current Behavior
The OAuth 2 login module does not support configuring the SCOPE_ prefix. User authorities are interpreted like this:
[ROLE_USER, SCOPE_address, SCOPE_email, SCOPE_microprofile-jwt, SCOPE_offline_access, SCOPE_openid, SCOPE_phone, SCOPE_profile]

Context

Since the authorization methods used in the project are all based on role authentication, if the SCOPE_ prefix can be changed to the ROLE_ prefix, the change will become very small.
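
One way to get role authorities from OAuth 2.0 login, as an added example that is not part of the original issue or Spring Security's own code: a `GrantedAuthoritiesMapper` bean, which OAuth 2.0 login applies to the user's authorities. The class name and the allow-list of scope-to-role pairs are assumptions; only the `SCOPE_admin` to `ROLE_admin` pair comes from the issue text.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

// Hypothetical configuration class (name is an assumption).
@Configuration
public class LoginAuthoritiesConfig {

    // Assumed allow-list: only scopes named here become roles, so a scope the
    // provider adds later (e.g. SCOPE_offline_access) never turns into a role
    // that hasRole(...) checks would accept.
    private static final Map<String, String> SCOPE_TO_ROLE =
            Map.of("SCOPE_admin", "ROLE_admin");

    // OAuth 2.0 login picks up a GrantedAuthoritiesMapper bean and runs it
    // over the authorities of the logged-in user.
    @Bean
    public GrantedAuthoritiesMapper userAuthoritiesMapper() {
        return LoginAuthoritiesConfig::mapAuthorities;
    }

    static Set<GrantedAuthority> mapAuthorities(
            Collection<? extends GrantedAuthority> authorities) {
        Set<GrantedAuthority> mapped = new LinkedHashSet<>();
        for (GrantedAuthority authority : authorities) {
            String name = authority.getAuthority();
            // Map.of(...) rejects null keys, so guard before the lookup.
            String role = (name == null) ? null : SCOPE_TO_ROLE.get(name);
            if (role != null) {
                // Allow-listed scope: expose it under its role name.
                mapped.add(new SimpleGrantedAuthority(role));
            } else {
                // Everything else (ROLE_USER, unmapped SCOPE_*) is kept as-is.
                mapped.add(authority);
            }
        }
        return mapped;
    }
}
```

With the authorities listed under Current Behavior, this mapper returns the same set unchanged, because none of those scopes is on the allow-list; a login that carried `SCOPE_admin` would get `ROLE_admin` in its place.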

Labels

in: oauth2 - An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
