
I would like to customize how the TokenEndpoint works so that I can add additional parameters to the incoming /oauth/token REST call that I will capture and process.

Ok, to perhaps help explain what I want to do, here are some additional aspects to it.

Let's say that in the oauth/token request I want to add another request parameter entry. So instead of sending the oauth/token with grant_type=client_credentials (for example), I want to add grant_type=client_credentials&extraInfo=xxxx.

So in my token endpoint, which I have running at request mapping /oauth/token instead of the built-in one (TokenEndpoint), I do everything that the original does, plus I parse the extraInfo=xxx and set it as a key/value in the additional info section of the token.

Later in my backend, I extract this extra info and use it to provide some functionality that I need. Various clients will use this extraInfo parameter to send some specific type of information that I want to be aware of.

So basically, how do I substitute my own token endpoint in place of the regular one? Is this in token services and if so which specific part?

EvilJinious1
  • Have you tried adding your own controller bean with a request mapping (/oauth/token) that handles this? – Zaki Aug 26 '15 at 14:30
  • Yes, but then there is tying it into all the oauth2 infrastructure, token granter, etc., which is substantial. I did go that way since I looked at the TokenEndpoint, which pretty much does what you stated. Mostly I am looking for a way to use the SPI to tie my own endpoint into the existing one without rewriting the spring security oauth2 code – EvilJinious1 Aug 26 '15 at 22:43
  • As well, when I create my own token endpoint, the whole CSRF missing token mess kicks in and cancels the call to my own token endpoint before it gets there with a 403. I am sure that the process of setting the original spring security TokenEndpoint sets up an allowance for this POST call on theirs. – EvilJinious1 Aug 28 '15 at 11:54
  • Possible duplicate of [Customise oath2 token request to accept extra data](https://stackoverflow.com/q/31154557/608639) – jww Nov 07 '18 at 17:13

1 Answer

I figured out an alternative to what I want to do without any of the messiness of trying to create and hook in my custom Token Endpoint.

I put an aspect around (@Around ...) the TokenEndpoint and captured the incoming parameters and resultant token, etc. I then used the spring session framework to put in a structure that I can access (created from what came in) and now I can get at it in my resultant code.

This does what I want without needing to do something more complex.

EvilJinious1
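A sketch of the aspect approach described in the answer above, as an added example that is not the answerer's code. It assumes the legacy Spring Security OAuth2 `TokenEndpoint` with Spring AOP enabled; the class name, the `extraInfo` allow-list pattern and the in-memory map (standing in for the Spring Session storage) are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
import org.springframework.stereotype.Component;

@Aspect
@Component
public class ExtraInfoCaptureAspect {  // hypothetical name

    // Assumed policy: extraInfo is client-controlled input, so accept only a
    // short value from a fixed character set before it reaches backend logic.
    private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    // Stand-in for the session-backed structure from the answer (hypothetical).
    // A real store should expire entries together with the token.
    private final Map<String, String> extraInfoByToken = new ConcurrentHashMap<>();

    @Around("execution(* org.springframework.security.oauth2.provider.endpoint"
            + ".TokenEndpoint.postAccessToken(..))")
    public Object captureExtraInfo(ProceedingJoinPoint pjp) throws Throwable {
        // postAccessToken(Principal, Map<String, String>): the map is argument 1.
        @SuppressWarnings("unchecked")
        Map<String, String> parameters = (Map<String, String>) pjp.getArgs()[1];
        String extraInfo = parameters.get("extraInfo");
        if (extraInfo != null && !ALLOWED.matcher(extraInfo).matches()) {
            // Reject malformed input before the built-in endpoint runs.
            throw new InvalidRequestException("Invalid extraInfo parameter");
        }
        // The built-in endpoint still performs client authentication and the grant.
        Object result = pjp.proceed();
        if (extraInfo != null && result instanceof ResponseEntity) {
            Object body = ((ResponseEntity<?>) result).getBody();
            if (body instanceof OAuth2AccessToken) {
                extraInfoByToken.put(((OAuth2AccessToken) body).getValue(), extraInfo);
            }
        }
        return result;
    }

    // Backend code looks up the value captured for a given access token.
    public String extraInfoFor(String tokenValue) {
        return extraInfoByToken.get(tokenValue);
    }
}
```

Because the value is recorded only after `proceed()` returns a token, nothing is stored for requests that fail client authentication.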