Is it possible to add a callback after the sendAccessTokenResponse method of accessTokenResponseHandler?

[jacko9et]

Is it possible to add a callback after the sendAccessTokenResponse method of accessTokenResponseHandler?
I don't want to change the default behavior, I just want to clean up the session after the response is successful, so that every time the /oauth2/authorize endpoint is triggered, it will re-login.

[jgrandja]

@jacko9et I'm not understanding your question.

add a callback after the sendAccessTokenResponse method of accessTokenResponseHandler?

This is referring to the token endpoint.

every time the /oauth2/authorize endpoint is triggered, it will re-login

And this is referring to the authorization endpoint.

Can you provide more details and please be specific on exactly what you are trying to implement. Thanks.

[spring-projects-issues]

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

[ramonmalcolm10]

He want the user to re-authenticate every time they are redirected to the OAuth server.
The approach that most OAuth sever normally take is to allow the client to pass a query parameter name prompt with the value login to trigger the re-authentication.
It would be good if this feature can be added in the future.

[jgrandja]

@ramonmalcolm10 What you described does not sound like what @jacko9et is asking. Your description sounds very much like gh-501.

I will wait for @jacko9et to respond.

[jacko9et]

Sorry for the late reply.
Now if the first visit to the /oauth2/authorize endpoint is not authenticated, it will be redirected to the login page to log in, and after the authentication is passed, the second visit to the /oauth2/authorize endpoint will automatically pass the authentication provided by the session with the authentication information.
I hope that every time I visit the /oauth2/authorize endpoint, I need to re-authenticate without being affected by the session.

Because the session is needed to store the state in the process, I think the session needs to be cleaned up after the client obtains the token. The default accessTokenResponseHandler cannot be extended using a delegate class without changing the default behavior. I don't think it's a problem to close the modification, but the extension cannot reuse the code because of insufficient scalability. It is proposed to add a callback method after accessTokenResponseHandler to provide sufficient scalability.