Additional parameters for /oauth2/token

Hello JmixTeam

I was trying to add additional fields to the /oauth2/token api using this. But for some reason it’s not working.

I have looked at Simplify customizing the access token response · Issue #925 · spring-projects/spring-authorization-server · GitHub

I wrote CustomAccessTokenResponseHandler. But it is not working.
Because this is working at org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter

```java
private AuthenticationSuccessHandler authenticationSuccessHandler = this::sendAccessTokenResponse;
```

I didn’t find how to override this class.

Please share sample demo app which demonstrates how to implement custom token response.

2 Likes

How to solve this issue? I need this too. @krivopustov @gorelov

Hello!

By default, Jmix configures the /oauth2/token behaviour in the SecurityFilterChain bean named authsr_AuthorizationServerSecurityFilterChain.
Thus, a custom AuthenticationSuccessHandler may be set on the OAuth2TokenEndpointFilter by obtaining the filter from authsr_AuthorizationServerSecurityFilterChain:

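```java
import java.util.HashMap;
import java.util.Optional;

import jakarta.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AccessTokenResponseAuthenticationSuccessHandler;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Component;

@Component
public class TokenEndpointFilterCustomizationBean {

    // The filter chain that Jmix configures for the authorization server endpoints
    @Autowired
    @Qualifier("authsr_AuthorizationServerSecurityFilterChain")
    private SecurityFilterChain authorizationServerSecurityFilterChain;

    @PostConstruct
    public void modifyFilterChain() {
        // Locate the filter that serves /oauth2/token inside the chain
        Optional<OAuth2TokenEndpointFilter> tokenEndpointFilter = authorizationServerSecurityFilterChain.getFilters().stream()
                .filter(filter -> OAuth2TokenEndpointFilter.class.isAssignableFrom(filter.getClass()))
                .map(f -> (OAuth2TokenEndpointFilter) f)
                .findAny();

        if (tokenEndpointFilter.isEmpty()) {
            throw new RuntimeException("No OAuth2TokenEndpointFilter found");
        }

        // Success handler that lets a customizer adjust the token response before it is written
        OAuth2AccessTokenResponseAuthenticationSuccessHandler successHandler = new OAuth2AccessTokenResponseAuthenticationSuccessHandler();
        successHandler.setAccessTokenResponseCustomizer(c -> {
            Authentication authentication = c.get(Authentication.class);
            if (authentication instanceof OAuth2AccessTokenAuthenticationToken authToken) {
                // Copy the existing additional parameters so they are kept, then add the new one
                var additionalParameters = new HashMap<>(authToken.getAdditionalParameters());
                additionalParameters.put("myAdditionalParamName", "myAdditionalParamValue");
                c.getAccessTokenResponse().additionalParameters(additionalParameters);
            }
        });

        // Replace the filter's default success handler with the customized one
        tokenEndpointFilter.get().setAuthenticationSuccessHandler(successHandler);
    }
}
```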

Here is an example project with this bean:
j24999ui-additional-param.zip (2.3 MB)

Regards,
Dmitry

Hello @taimanov

How can I get current user data here?
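
One way to resolve the user behind the issued token inside the response customizer shown earlier in the thread, as an added example that is not code from the thread's participants, Jmix or Spring. The class name `PrincipalNameResponseCustomizer` and the `username` parameter are hypothetical, and it assumes an `OAuth2AuthorizationService` bean is available for injection in the application.

```java
// Added example (hypothetical class name); assumes an OAuth2AuthorizationService bean is available.
import java.util.HashMap;
import java.util.Map;
import java.util.function.Consumer;

import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationContext;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;

public class PrincipalNameResponseCustomizer implements Consumer<OAuth2AccessTokenAuthenticationContext> {

    private final OAuth2AuthorizationService authorizationService;

    public PrincipalNameResponseCustomizer(OAuth2AuthorizationService authorizationService) {
        this.authorizationService = authorizationService;
    }

    @Override
    public void accept(OAuth2AccessTokenAuthenticationContext context) {
        Authentication authentication = context.get(Authentication.class);
        if (!(authentication instanceof OAuth2AccessTokenAuthenticationToken authToken)) {
            return;
        }
        // authToken.getPrincipal() is the authenticated OAuth2 client, not the end user.
        // The end user is recorded on the stored authorization that owns the new token.
        OAuth2Authorization authorization = authorizationService.findByToken(
                authToken.getAccessToken().getTokenValue(), OAuth2TokenType.ACCESS_TOKEN);
        if (authorization == null) {
            return; // nothing stored for this token: leave the response unchanged
        }
        Map<String, Object> additionalParameters = new HashMap<>(authToken.getAdditionalParameters());
        // For client_credentials the principal name is the client id, not a user name.
        // "username" is a constructed parameter name. The value goes to the client in
        // plain JSON, so add only what the client is allowed to see.
        additionalParameters.put("username", authorization.getPrincipalName());
        context.getAccessTokenResponse().additionalParameters(additionalParameters);
    }
}
```

It would be passed to the handler from the earlier bean with `successHandler.setAccessTokenResponseCustomizer(new PrincipalNameResponseCustomizer(authorizationService))`. Loading further user data by that name is application-specific and is not shown.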