AuthorizationServerSettings in a multitenant environment #1343
Assignees
Labels
status: duplicate
A duplicate of another issue
Comments
|
@frederikz Can you please add these details to gh-663. We're planning on addressing the How-to guide soon and also provide a working sample. We likely will discover some gaps in the process and will address them at that time. I'll close this as a duplicate. |
jgrandja
added
status: duplicate
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I successfully use the authorization server in a multitenant environment and now also want to use OpenId Connect functionality and struggle with what is currently offered for configuration. The problem is that AuthorizationServerSettings is a final class and not an interface I could proxy and therefore would need to replace the AuthorizationServerContextFilter and with it the whole default OpenID configuration.
If you don't want to make it an interface I would propose to introduce an AuthorizationServerContextResolver that is then used in the AuthorizationServerContextFilter to create the AuthorizationServerContext. A developer then could configure its own AuthorizationServerContextResolver to be used. How it could look like:
frederikz@a7b256d
I can make I pull request if you want me to.
I'm not really happy with that you still have a AuthorizationServerSettings bean that then has an URL with placeholders like /oauth2/{tenantName}/authorize (I encode the tenant name in the URL) as the configurers use the AuthorizationServerSettings bean to create requests matchers. An alternative would be to make the AuthorizationServerSettings bean optional and allow to specifiy your own request matchers for the various endpoints.
The text was updated successfully, but these errors were encountered: