New to Spring Boot and I’m working on an application that already had some OAuth2 authentication done for signing in with Azure. I was tasked with setting up some auth for another API and now I have two registrations (client id/secret/grant-type) in my application-local.properties.
spring.security.oauth2.resource.jwk.key-set-uri=xxxxxxxx
spring.security.oauth2.client.registration.azure.client-secret=xxxx
spring.security.oauth2.client.registration.azure.client-id=xxxxx
spring.security.oauth2.client.registration.azure.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.azure.client-name=azure
spring.security.oauth2.client.registration.azure.provider=azure
spring.security.oauth2.client.registration.azure.scope=openid,profile,email,offline_access
spring.security.oauth2.client.provider.test.token-uri=xxxxx
spring.security.oauth2.client.registration.test.client-id=xxxxx
spring.security.oauth2.client.registration.test.client-secret=xxxxx
spring.security.oauth2.client.registration.test.authorization-grant-type=client_credentials
[Image: example of login prompt]
This works. The problem now is when visiting the application for the first time, you are prompted to choose which service you would like to login with, either azure or test. I would like to be able to set a default for this and use azure for logging into the application so the user isn’t prompted.
http.authorizeRequests()
        .antMatchers("/impersonate/**").hasAnyRole(roleAdmin)
        .antMatchers("/login", "/health").permitAll()
        .anyRequest().authenticated()
        .antMatchers("/logout").hasRole(prevRoleAdmin)
        .anyRequest().fullyAuthenticated()
    .and()
        .csrf().disable()
        .logout()
        .logoutSuccessUrl("/admin")
    .and()
        .oauth2Login() // Is there a way to pass which registration it should use after this?
        .userInfoEndpoint()
        .oidcUserService(this.oidcUserService());
Is there any way to set this to seek out and use the creds for azure?
Answer
By default, Spring Security shows the chooser page, but you can set the login page to a specific client:
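import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class RedirectToAzureConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // ...
            // Unauthenticated requests go straight to the "azure" registration
            .oauth2Login(oauth2 -> oauth2
                .loginPage("/oauth2/authorization/azure")
            );
    }
}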
For every client listed in your application.properties, Spring Security will respond to /oauth2/authorization/{registrationId} requests and negotiate with the corresponding authorization server to get the user logged in.
If you need to programmatically decide what to redirect to, you can register an AuthenticationEntryPoint instead of setting the loginPage().
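The following is an added example, not part of the original answer, showing one way to write such an AuthenticationEntryPoint so that only registrations using the authorization_code grant (here azure, never the client_credentials registration test) can be chosen for interactive login. The class name LoginRegistrationEntryPoint and the optional idp query parameter are hypothetical; the javax.servlet imports assume the Spring Security 5.x line implied by WebSecurityConfigurerAdapter.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.web.AuthenticationEntryPoint;

// Hypothetical class. Register it in configure(HttpSecurity) with:
//   http.exceptionHandling(e -> e.authenticationEntryPoint(
//           new LoginRegistrationEntryPoint(clientRegistrationRepository)));
public class LoginRegistrationEntryPoint implements AuthenticationEntryPoint {

    // Registration used when the caller asks for nothing, or for something not allowed
    private static final String DEFAULT_REGISTRATION = "azure";

    private final ClientRegistrationRepository registrations;

    public LoginRegistrationEntryPoint(ClientRegistrationRepository registrations) {
        this.registrations = registrations;
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException {
        // "idp" is an assumed, optional query parameter naming the desired registration
        String id = resolve(request.getParameter("idp"));
        response.sendRedirect(request.getContextPath() + "/oauth2/authorization/" + id);
    }

    // Returns a registration id that is safe to place in the redirect path
    String resolve(String requested) {
        if (requested == null) {
            return DEFAULT_REGISTRATION;
        }
        ClientRegistration reg = registrations.findByRegistrationId(requested);
        // Only user-facing (authorization_code) clients may be used for login;
        // unknown ids and machine-to-machine clients fall back to the default
        boolean interactive = reg != null
                && AuthorizationGrantType.AUTHORIZATION_CODE.equals(reg.getAuthorizationGrantType());
        // Use the id stored in the repository, never the raw request value
        return interactive ? reg.getRegistrationId() : DEFAULT_REGISTRATION;
    }
}
```

Because the redirect target is built from the repository's own registration id, a request value that matches no configured registration cannot alter where the user is sent.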