@@ -98,6 +98,7 @@ public OAuth2AuthorizationCodeRequestAuthenticationProvider(RegisteredClientRepo
9898 this .registeredClientRepository = registeredClientRepository ;
9999 this .authorizationService = authorizationService ;
100100 this .authorizationConsentService = authorizationConsentService ;
101+ this .requiresAuthorizationConsent = this ::requireAuthorizationConsent ;
101102 }
102103
103104 @ Override
@@ -173,7 +174,14 @@ public Authentication authenticate(Authentication authentication) throws Authent
173174 OAuth2AuthorizationConsent currentAuthorizationConsent = this .authorizationConsentService .findById (
174175 registeredClient .getId (), principal .getName ());
175176
176- if (requireAuthorizationConsent (registeredClient , authorizationRequest , currentAuthorizationConsent , authenticationContext )) {
177+ OAuth2AuthorizationCodeRequestAuthenticationContext contextWithAuthorizationRequestAndAuthorizationConsent =
178+ OAuth2AuthorizationCodeRequestAuthenticationContext .with (authorizationCodeRequestAuthentication )
179+ .registeredClient (registeredClient )
180+ .context (context -> context .put (OAuth2AuthorizationRequest .class , authorizationRequest ))
181+ .context (context -> context .put (OAuth2AuthorizationConsent .class , currentAuthorizationConsent ))
182+ .build ();
183+
184+ if (requiresAuthorizationConsent .test (contextWithAuthorizationRequestAndAuthorizationConsent )) {
177185 String state = DEFAULT_STATE_GENERATOR .generateKey ();
178186 OAuth2Authorization authorization = authorizationBuilder (registeredClient , principal , authorizationRequest )
179187 .attribute (OAuth2ParameterNames .STATE , state )
@@ -275,30 +283,27 @@ public void setAuthenticationValidator(Consumer<OAuth2AuthorizationCodeRequestAu
275283 * {@link OAuth2AuthorizationCodeRequestAuthenticationContext#getRegisteredClient()} containing {@link RegisteredClient} used to make the request.
276284 *
277285 * @param requiresAuthorizationConsent the {@link Predicate} that determines if authorization consent is required.
278- * @since 1.2.3
286+ * @since 1.3.0
279287 */
280288 public void setRequiresAuthorizationConsent (Predicate <OAuth2AuthorizationCodeRequestAuthenticationContext > requiresAuthorizationConsent ) {
281289 Assert .notNull (requiresAuthorizationConsent , "requiresAuthorizationConsent cannot be null" );
282290 this .requiresAuthorizationConsent = requiresAuthorizationConsent ;
283291 }
284292
285- private boolean requireAuthorizationConsent (RegisteredClient registeredClient ,
286- OAuth2AuthorizationRequest authorizationRequest , OAuth2AuthorizationConsent authorizationConsent ,
287- OAuth2AuthorizationCodeRequestAuthenticationContext authenticationContext ) {
288-
289- if (requiresAuthorizationConsent != null ) {
290- return requiresAuthorizationConsent .test (authenticationContext );
291- }
292-
293+ private boolean requireAuthorizationConsent (OAuth2AuthorizationCodeRequestAuthenticationContext context ) {
294+ RegisteredClient registeredClient = context .getRegisteredClient ();
293295 if (!registeredClient .getClientSettings ().isRequireAuthorizationConsent ()) {
294296 return false ;
295297 }
298+
299+ OAuth2AuthorizationRequest authorizationRequest = context .get (OAuth2AuthorizationRequest .class );
296300 // 'openid' scope does not require consent
297301 if (authorizationRequest .getScopes ().contains (OidcScopes .OPENID ) &&
298302 authorizationRequest .getScopes ().size () == 1 ) {
299303 return false ;
300304 }
301305
306+ OAuth2AuthorizationConsent authorizationConsent = context .get (OAuth2AuthorizationConsent .class );
302307 if (authorizationConsent != null &&
303308 authorizationConsent .getScopes ().containsAll (authorizationRequest .getScopes ())) {
304309 return false ;
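Review bot: In the second hunk, `currentAuthorizationConsent` is put into the new context unconditionally, yet the default check in the third hunk still guards it with `authorizationConsent != null`, so a custom predicate calling `context.get(OAuth2AuthorizationConsent.class)` has to expect null too. The Javadoc of `setRequiresAuthorizationConsent` starts above the hunk, and the visible part does not say this. Because the setter replaces the field that `authenticate` now tests directly, a custom predicate also takes over from the `isRequireAuthorizationConsent()` client setting and the granted-scopes comparison unless it repeats them; a predicate that returns false appears to skip the consent branch entirely. I would add to that Javadoc something like `The context also holds the OAuth2AuthorizationRequest and, if one exists, the current OAuth2AuthorizationConsent (otherwise null); the supplied predicate fully replaces the default consent check.` The body of `requireAuthorizationConsent` continues past the end of the last hunk.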