Is it possible to add a callback after the sendAccessTokenResponse method of accessTokenResponseHandler? #1148

Closed
jacko9et opened this issue Apr 3, 2023 · 6 comments
@jacko9et

jacko9et commented Apr 3, 2023

Is it possible to add a callback after the sendAccessTokenResponse method of accessTokenResponseHandler?
I don't want to change the default behavior; I just want to clean up the session after the response is successful, so that every time the /oauth2/authorize endpoint is triggered, it will re-login.

@jacko9et jacko9et added the type: enhancement A general enhancement label Apr 3, 2023
@jgrandja
Collaborator

@jacko9et I'm not understanding your question.

> add a callback after the sendAccessTokenResponse method of accessTokenResponseHandler?

This is referring to the token endpoint.

> every time the /oauth2/authorize endpoint is triggered, it will re-login

And this is referring to the authorization endpoint.

Can you provide more details and please be specific on exactly what you are trying to implement. Thanks.

@jgrandja jgrandja self-assigned this Apr 12, 2023
@jgrandja jgrandja added status: waiting-for-feedback We need additional information before we can continue and removed type: enhancement A general enhancement labels Apr 12, 2023
@spring-projects-issues
Collaborator

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

@spring-projects-issues spring-projects-issues added the status: feedback-reminder We've sent a reminder that we need additional information before we can continue label Apr 19, 2023
@ramonmalcolm10

ramonmalcolm10 commented Apr 19, 2023

He wants the user to re-authenticate every time they are redirected to the OAuth server.
The approach that most OAuth servers normally take is to allow the client to pass a query parameter named prompt with the value login to trigger the re-authentication.
It would be good if this feature could be added in the future.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue status: feedback-reminder We've sent a reminder that we need additional information before we can continue labels Apr 19, 2023
@jgrandja
Collaborator

@ramonmalcolm10 What you described does not sound like what @jacko9et is asking. Your description sounds very much like gh-501.

I will wait for @jacko9et to respond.

@jgrandja jgrandja added status: waiting-for-feedback We need additional information before we can continue and removed status: feedback-provided Feedback has been provided labels Apr 19, 2023
@jacko9et
Author

jacko9et commented Apr 20, 2023

Sorry for the late reply.
Now if the first visit to the /oauth2/authorize endpoint is not authenticated, it will be redirected to the login page to log in, and after the authentication is passed, the second visit to the /oauth2/authorize endpoint will automatically pass the authentication provided by the session with the authentication information.
I hope that every time I visit the /oauth2/authorize endpoint, I need to re-authenticate without being affected by the session.

Because the session is needed to store the state in the process, I think the session needs to be cleaned up after the client obtains the token. The default accessTokenResponseHandler cannot be extended using a delegate class without changing the default behavior. I don't think it's a problem to close the modification, but the extension cannot reuse the code because of insufficient scalability. It is proposed to add a callback method after accessTokenResponseHandler to provide sufficient scalability.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Apr 20, 2023
@jgrandja
Collaborator

@jacko9et Thanks for the explanation.

> I hope that every time I visit the /oauth2/authorize endpoint, I need to re-authenticate without being affected by the session.

The OpenID Connect 1.0 parameter prompt with a value of login implements the re-authenticate feature. We have an open issue gh-501 that will address this feature.

> The default accessTokenResponseHandler cannot be extended using a delegate class without changing the default behavior. I don't think it's a problem to close the modification, but the extension cannot reuse the code

authorizationServerConfigurer.tokenEndpoint.accessTokenResponseHandler() is the main extension point for customization after the authorization grant flow is completed. I realize you would need to duplicate the code in sendAccessTokenResponse() and add your customization on top of that, but it can be done today to move you forward. We will be looking at simplifying this and allowing for reuse in gh-925.

I'll close this as a duplicate of gh-501 and/or gh-925.

@jgrandja jgrandja added status: duplicate A duplicate of another issue and removed status: feedback-provided Feedback has been provided labels Apr 20, 2023