Package com.alpaca.security.oauth2
Class OAuth2ReqResolver
java.lang.Object
com.alpaca.security.oauth2.OAuth2ReqResolver
- All Implemented Interfaces:
org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
public class OAuth2ReqResolver
extends Object
implements org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
Custom OAuth2 authorization request resolver that extends the default Spring Security behavior to
support Proof Key for Code Exchange (PKCE) by adding `code_verifier`, `code_challenge`, and
`code_challenge_method` parameters into the authorization request.
This resolver wraps the `DefaultOAuth2AuthorizationRequestResolver` and decorates each
generated request with PKCE parameters to enhance security, as recommended by OAuth 2.0 best
current practice. The `S256` method is used to generate the code challenge, using a SHA-256 hash
and Base64URL encoding.
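The S256 derivation described above, as an added JDK-only example; it is not this class's source. The class name, `newVerifier` and `verify` are hypothetical, `createHash` only borrows its name from the method summary, and the parameter split follows RFC 7636: the challenge and method go in the authorization request, while the verifier is held back for the token request.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration (not the Alpaca source): PKCE S256 using only the JDK.
public class PkceS256Example {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // 32 random bytes -> 43-char verifier, the minimum length RFC 7636 allows.
    static String newVerifier() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return B64URL.encodeToString(raw);
    }

    // code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))), no '=' padding.
    static String createHash(String value) throws NoSuchAlgorithmException {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        return B64URL.encodeToString(sha256.digest(value.getBytes(StandardCharsets.US_ASCII)));
    }

    // Authorization-server side: recompute the challenge and compare in constant time.
    static boolean verify(String verifier, String storedChallenge) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(
                createHash(verifier).getBytes(StandardCharsets.US_ASCII),
                storedChallenge.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Test vector from RFC 7636, Appendix B.
        String rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWGbGTSW6xvkM";
        if (!createHash(rfcVerifier).equals(rfcChallenge)) throw new AssertionError("S256 mismatch");

        String verifier = newVerifier();
        Map<String, String> authorizationParams = new LinkedHashMap<>(); // travels through the browser
        authorizationParams.put("code_challenge", createHash(verifier));
        authorizationParams.put("code_challenge_method", "S256");
        Map<String, String> tokenParams = new LinkedHashMap<>();         // sent directly to the token endpoint
        tokenParams.put("code_verifier", verifier);

        System.out.println("authorization request: " + authorizationParams);
        System.out.println("token request:         " + tokenParams);
        System.out.println("server check passes:   " + verify(verifier, authorizationParams.get("code_challenge")));
    }
}
```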
-
Field Summary
| Modifier and Type | Field | Description |
| --- | --- | --- |
| `private final org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver` | `defaultResolver` | |
| `private final org.springframework.security.crypto.keygen.StringKeyGenerator` | `securityKeyGenerator` | |
-
Constructor Summary
| Constructor | Description |
| --- | --- |
| `OAuth2ReqResolver(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository repository, String authorizationRequestBaseURI)` | Constructs the resolver using a repository of client registrations and a base URI. |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| `private void` | `addPKCEParameters` | |
| `private static String` | `createHash(String value)` | |
| `private org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest` | `customizeAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest request)` | |
| `org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest` | `resolve(jakarta.servlet.http.HttpServletRequest request)` | |
| `org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest` | `resolve(jakarta.servlet.http.HttpServletRequest request, String clientRegistrationId)` | |
-
Field Details
-
defaultResolver
private final org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver defaultResolver
-
securityKeyGenerator
private final org.springframework.security.crypto.keygen.StringKeyGenerator securityKeyGenerator
-
-
Constructor Details
-
OAuth2ReqResolver
public OAuth2ReqResolver(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository repository, String authorizationRequestBaseURI)
Constructs the resolver using a repository of client registrations and a base URI.
- Parameters:
`repository` - the `ClientRegistrationRepository` containing client configs
`authorizationRequestBaseURI` - the base URI for initiating authorization requests
-
-
Method Details
-
resolve
public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest resolve(jakarta.servlet.http.HttpServletRequest request)
- Specified by:
`resolve` in interface `org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver`
-
resolve
public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest resolve(jakarta.servlet.http.HttpServletRequest request, String clientRegistrationId)
- Specified by:
`resolve` in interface `org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver`
-
customizeAuthorizationRequest
private org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest customizeAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest request)
-
addPKCEParameters
-
createHash
- Throws:
NoSuchAlgorithmException
-