I am using spring security to do OAuth2 authentication with request taking username and password as using in a normal flow. However, I want to add another method for authentication same OAuth but with different parameters in the request. (for example, id and clientToken - there is an authentication that is done before it reaches my service). At the end when both types of requests come to my auth service it must return an oauth token, which is further enhanced. Is it possible to have 2 different auth providers on oauth end point url?
Asked
Active
Viewed 646 times
1 Answers
2
Actually, there is the following line of code in spring oauth2 TokenEndpoint:
OAuth2AccessToken token = this.getTokenGranter().grant(tokenRequest.getGrantType(), tokenRequest);
So spring uses TokenGranter abstraction to grant tokens.
When you search for a specific implementation, for example, ResourceOwnerPasswordTokenGranter, you can spot that it uses AuthentiacionManager which accommodates AuthenticationProviders.
So the answer is yes - it is possible.
Dominik
- 353
- 1
- 5
-
thanks for pointing me in the right direction. Your comments lead me to do some more searching and found https://stackoverflow.com/questions/25264358/spring-security-oauth2-with-custom-tokengranter-in-version-2-0 and I was able to figure out an implementation. – dondragon2 May 30 '19 at 16:12