Spring zuul for authorization code grant type

问题

I have been trying to build a spring distributed application that works on JWT. Github repo - https://github.com/dhananjay12/spring-microservice-demo

Service Description

• product-service : A simple downstream service having protected routes
• jwt-resoure-server : A jar that when included in downstream services make it a resourceserver that extract jwt token and set it in security contex.
• eureka-service : Discovery service
• zuul-server : Edge server
• Okta is my auth server

I have set oauth grant type to be - Authorization code (I know for spa implicit grant type is recommended but lets say due to some constraint in future we are restricted to this grant type)

So angular client after successfully login, auth server revert back to the angular app with authorization code like :

http://localhost:4200/?code=iTJkTvXfESQFvGJmio_l&state=my-state

Now I have to hit auth server with this code to get the access and id token.

Since this requires client secret, I have to pass it through zuul (as only back-end service can have client secrets), which should add client_secret to the body and forward the request to auth server.

I am struggling with this last part. Any insights? Tried creating a TokenFilter, but its not working for post request. https://github.com/dhananjay12/spring-microservice-demo/tree/master/zuul-server/src/main/java/com/mynotes/microservice/zuulserver

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

import java.io.IOException;

import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.FORWARD_TO_KEY;

import javax.servlet.http.HttpServletRequest;

import org.apache.http.HttpStatus;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;

@Component
public class TokenFilter extends ZuulFilter {

    @Autowired
    private OauthConfiguration oauthConfiguration;

    @Override
    public int filterOrder() {
        return 6;//PRE_DECORATION_FILTER_ORDER - 1;
    }

    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public boolean shouldFilter() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();
        if (request.getRequestURI().contains("/token")) {
            return true;
        }
        return false;
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();

        request.setAttribute("client_secret", oauthConfiguration.getClientSecret());

        System.out.println(String.format("%s request to %s", request.getMethod(), request.getRequestURL().toString()));
        return null;
    }
}

来源：https://stackoverflow.com/questions/51646207/spring-zuul-for-authorization-code-grant-type