Customise oath2 token request to accept extra data

Question

I am using jersey and spring-oauth2 with spring security. My app is working fine with end points \"/oauth/token\".

I want to change the endpoints to accept more dat

Answer 1

I have found a solution by writing a wrapper controller and assigning default tokenEndpoint bean

@FrameworkEndpoint
public class LoginContrller{

private static Logger logger = org.slf4j.LoggerFactory.getLogger(LoginContrller.class);
private WebResponseExceptionTranslator providerExceptionHandler = new DefaultWebResponseExceptionTranslator();

@Autowired
private UserManager userManager;

@Autowired
TokenEndpoint tokenEndPoint;

@RequestMapping(value = "/user/login", method=RequestMethod.POST,consumes=MediaType.APPLICATION_JSON)
public ResponseEntity  postAccessToken(Principal principal, @RequestParam
Map parameters,@RequestBody(required=false) LoginModel loginModel) throws HttpRequestMethodNotSupportedException {
    ResponseEntity response = tokenEndPoint.postAccessToken(principal, parameters);
    if(!isRefreshTokenRequest(parameters)){
        if(loginModel!=null){
            loginModel.setUsername(parameters.get("username"));
            try {
                userManager.loginUser(loginModel);
            } catch (UserNotFoundException e) {
                logger.warn("Exception in custom login {} ",e);
            }
        }
    }
    return response;
}

private boolean isRefreshTokenRequest(Map parameters) {
    return "refresh_token".equals(parameters.get("grant_type")) && parameters.get("refresh_token") != null;
}

private boolean isAuthCodeRequest(Map parameters) {
    return "authorization_code".equals(parameters.get("grant_type")) && parameters.get("code") != null;
}

@ExceptionHandler(HttpRequestMethodNotSupportedException.class)
public void handleHttpRequestMethodNotSupportedException(HttpRequestMethodNotSupportedException e) throws Exception {
    logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
    throw e;
}

@ExceptionHandler(Exception.class)
public ResponseEntity handleException(Exception e) throws Exception {
    logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
    return getExceptionTranslator().translate(e);
}

@ExceptionHandler(ClientRegistrationException.class)
public ResponseEntity handleClientRegistrationException(Exception e) throws Exception {
    logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
    return getExceptionTranslator().translate(new BadClientCredentialsException());
}

@ExceptionHandler(OAuth2Exception.class)
public ResponseEntity handleException(OAuth2Exception e) throws Exception {
    logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
    return getExceptionTranslator().translate(e);
}

private WebResponseExceptionTranslator getExceptionTranslator() {
    return providerExceptionHandler;
}

}

Change in web.xml : just replace the URL with new one

    appServlet
    /user/login

And finally create bean with logincontroller class and change the URL in spring-security.xml.

Change the oauth token url and url of clientCredentialsTokenEndpointFilter as mentioned below.