JMIX Open ID behind a proxy

Hello. We have recently been undergoing a CUBA to Jmix upgrade for one of our apps and implemented OpenID. Everything's good with the local setup with Keycloak. When we tried implementing it with our organisation's OpenID provider, we realised we have to go through an authenticated proxy (proxy host, proxy url, proxy username and proxy password). I've dug into Spring Boot's ClientRegistrations class and saw that it uses a vanilla RestTemplate to connect to the provider issuer URI for auto discovery. Is there any way to override how RestTemplate is built here and force it to go through the authenticated proxy?

Hi, it seems that ClientRegistrations requires RestTemplate in case it accesses the OpenID Connect Provider's configuration endpoint. It is defined by the spring.security.oauth2.client.provider.[providerId].issuer-uri application property. You may choose not to use this property and instead define all required URLs explicitly, e.g.:

#spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8180/auth/realms/sample
spring.security.oauth2.client.provider.keycloak.authorization-uri=http://localhost:8180/auth/realms/sample/protocol/openid-connect/auth
spring.security.oauth2.client.provider.keycloak.user-info-uri=http://localhost:8180/auth/realms/sample/protocol/openid-connect/userinfo
spring.security.oauth2.client.provider.keycloak.token-uri=http://localhost:8180/auth/realms/sample/protocol/openid-connect/token
spring.security.oauth2.client.provider.keycloak.jwk-set-uri=http://localhost:8180/auth/realms/sample/protocol/openid-connect/certs
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.keycloak.redirect-uri={baseUrl}/{action}/oauth2/code/{registrationId}

See Spring Security documentation for details.

Alternatively, you may choose not to use application properties at all and instead define client registration beans in the code. See the documentation.
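
A sketch of the bean-based registration mentioned in the answer above, added here as an illustration and not taken from the thread or from Jmix: every endpoint is set explicitly, so no discovery request to the issuer URI is made when the registration is built. The `app.oidc.*` property names, the scopes and the `preferred_username` attribute are assumptions; the endpoint URLs and redirect template are the ones from the properties above.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;

@Configuration
public class OidcClientRegistrationConfig {

    // Common prefix of the endpoint URLs listed in the properties above.
    private static final String OIDC_BASE =
            "http://localhost:8180/auth/realms/sample/protocol/openid-connect";

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository(
            // Hypothetical property names; supply the values from the environment
            // or a secret store rather than committing them to source control.
            @Value("${app.oidc.client-id}") String clientId,
            @Value("${app.oidc.client-secret}") String clientSecret) {

        // Built without ClientRegistrations.fromIssuerLocation(...), so nothing
        // is fetched from the provider while the bean is created.
        ClientRegistration keycloak = ClientRegistration.withRegistrationId("keycloak")
                .clientId(clientId)
                .clientSecret(clientSecret)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
                .scope("openid", "profile", "email")          // assumed scopes
                .authorizationUri(OIDC_BASE + "/auth")
                .tokenUri(OIDC_BASE + "/token")
                .userInfoUri(OIDC_BASE + "/userinfo")
                .jwkSetUri(OIDC_BASE + "/certs")
                .userNameAttributeName("preferred_username")  // assumed claim name
                .build();

        return new InMemoryClientRegistrationRepository(keycloak);
    }
}
```

This removes only the discovery call. During login the application still sends back-channel requests to the token, JWK set and user-info endpoints, so those calls need a route to the provider as well.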