Closed
Description
The AuthorizationCodeAuthenticationProcessingFilter currently supports the oauth2Login feature. It handles the Authorization Response callback and processes it with its collaborators in the following step sequence:
- Exchanges the AuthorizationCode Grant for an AccessToken
- Then calls the OAuth2UserService to load the Principal information and ultimately authenticate the session
Step 2 is not specified as part of the Authorization Code Grant flow in the OAuth 2.0 spec. However, we need this step in order to realize the oauth2Login feature.
But we also need to support the Authorization Code Grant flow as per spec for cases where the Authorized client needs to fetch a new AccessToken to access other protected resources (after the end-user has authenticated).
In order to support this, AuthorizationCodeAuthenticationProcessingFilter and AuthorizationCodeAuthenticationProvider will need to be refactored.
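The split the issue asks for, shown as an added example (not Spring Security code and not part of this issue): step 1, the spec-defined exchange of an authorization code for an access token, is a function that can be called on its own, and step 2, loading the principal, is a separate function that only the login path composes on top of it. The authorization server, client credentials, redirect URI and user names are all constructed in-memory stand-ins; the token endpoint enforces the checks RFC 6749 requires (client authentication, grant_type, single-use code bound to the client and redirect_uri it was issued for).

```python
"""Simulated Authorization Code grant with the token exchange (step 1) kept
separate from the login-only principal lookup (step 2).  Constructed example:
an in-memory authorization server stands in for a real provider."""
import secrets
import time
from dataclasses import dataclass


class TokenError(Exception):
    """Carries the RFC 6749 error code the token endpoint would return."""

    def __init__(self, error: str):
        super().__init__(error)
        self.error = error


@dataclass
class IssuedCode:
    client_id: str
    redirect_uri: str
    subject: str
    expires_at: float
    used: bool = False


class AuthorizationServer:
    """Minimal in-memory provider: issues codes, exchanges them, serves userinfo."""

    def __init__(self, clients: dict):
        self._clients = clients      # client_id -> client_secret (constructed)
        self._codes: dict = {}
        self._tokens: dict = {}

    def issue_code(self, client_id, redirect_uri, subject, ttl=60):
        code = secrets.token_urlsafe(16)
        self._codes[code] = IssuedCode(client_id, redirect_uri, subject, time.time() + ttl)
        return code

    def token(self, params, client_id, client_secret):
        """Token endpoint checks required by RFC 6749 section 4.1.3."""
        if self._clients.get(client_id) != client_secret:
            raise TokenError("invalid_client")
        if params.get("grant_type") != "authorization_code":
            raise TokenError("unsupported_grant_type")
        issued = self._codes.get(params.get("code", ""))
        if issued is None or issued.used or issued.expires_at < time.time():
            raise TokenError("invalid_grant")
        # The code is bound to the client and redirect_uri it was issued for.
        if issued.client_id != client_id or issued.redirect_uri != params.get("redirect_uri"):
            raise TokenError("invalid_grant")
        issued.used = True           # single use: a replayed code is rejected
        access_token = secrets.token_urlsafe(24)
        self._tokens[access_token] = issued.subject
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600}

    def userinfo(self, access_token):
        subject = self._tokens.get(access_token)
        if subject is None:
            raise TokenError("invalid_token")
        return {"sub": subject, "name": f"user {subject}"}


# ---- client side: the two steps the issue wants separated ----------------

def exchange_authorization_code(server, client_id, client_secret, code, redirect_uri):
    """Step 1: the spec-defined exchange, usable on its own whenever an
    already-authenticated client needs a fresh access token."""
    params = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    return server.token(params, client_id, client_secret)


def load_principal(server, token_response):
    """Step 2: login-only lookup of the end-user (the OAuth2UserService role)."""
    return server.userinfo(token_response["access_token"])


def oauth2_login(server, client_id, client_secret, code, redirect_uri):
    """The login path composes the two steps; step 1 stays usable without step 2."""
    token_response = exchange_authorization_code(server, client_id, client_secret, code, redirect_uri)
    return load_principal(server, token_response)


def demo():
    """Run a login, then show the checks that reject a replayed or re-bound code."""
    server = AuthorizationServer({"client-123": "secret-xyz"})  # constructed client
    redirect_uri = "https://app.example/login/oauth2/code/demo"  # constructed
    code = server.issue_code("client-123", redirect_uri, subject="alice")
    principal = oauth2_login(server, "client-123", "secret-xyz", code, redirect_uri)
    replay = ""
    try:
        exchange_authorization_code(server, "client-123", "secret-xyz", code, redirect_uri)
    except TokenError as e:
        replay = e.error
    other = server.issue_code("client-123", redirect_uri, subject="bob")
    mismatch = ""
    try:
        exchange_authorization_code(server, "client-123", "secret-xyz", other, "https://other.example/cb")
    except TokenError as e:
        mismatch = e.error
    return principal["sub"], replay, mismatch


if __name__ == "__main__":
    print(demo())  # ('alice', 'invalid_grant', 'invalid_grant')
```

Because `exchange_authorization_code` knows nothing about the session or the user, the same function serves both the login callback and the later "fetch a new AccessToken for another resource" case the issue describes; only `oauth2_login` carries the extra step 2.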