spring-bug
Demonstration Project to show undesired behavior with the OAuth2 client in spring security
Setup
To use this test project, you will need to supply the OAuth2 configuration.
Update the src/main/resources/application.yaml file and enter the client ID and secret for your OAuth2 source.
spring:
security:
oauth2:
client:
registration:
demo1:
client-id: <my client id>
client-secret: <my client secret>
demo2:
client-id: <my client id>
client-secret: <my client secret>
If you modify the redirect URL, you will need to update the href entries on the demo\index.html file as well.
You will also need to provide valid OAuth2 Provider configuration
spring:
security:
oauth2:
client:
provider:
demo1:
authorization-uri: https://host/idp/profile/oidc/authorize
token-uri: https://host/idp/profile/oidc/token
user-info-uri: https://host/idp/profile/oidc/userinfo
user-name-attribute: sub
jwk-set-uri: https://host/idp/profile/oidc/keyset
The Demo1 and Demo2 providers can be the same (but both must be defined) if the demo1 and demo2 clients are registered on it.
Running
Now compile and run the application and open a web browser to https://localhost:8443/ A Self-signed "localhost" certificat file is provided in the project to enable SSL support.