Describe the bug
When we try to override the default redirect URI in application.yml, I expected it to do two things:
1. To associate OAuth2LoginAuthenticationFilter with the request pattern mentioned in the redirect-uri property
2. To send this value as the redirect_uri value in the authorization request to the provider.
But the observation is that it performs only point #2 above and still associates OAuth2LoginAuthenticationFilter with the default redirect URI, which is {baseUri}/login/oauth2/code/{registrationId}
To Reproduce
Override the redirect-uri like this:
and permit the url like this in the security configuration:
With this, start the application and try to log in and access any protected web page.
Expected behavior
The two things below should happen:
1. To associate OAuth2LoginAuthenticationFilter with the request pattern mentioned in the redirect-uri property
2. To send this value as the redirect_uri value in the authorization request to the provider.
And we should be able to log in successfully and access any protected web page.
Spring Boot version: 3.5.3
Spring Security version: 6.5.1
Java version: 17
Comment From: SebastianDietrich
Have you tried NOT to permit the URL in the security configuration? I have a working OAuth2 login with a redirect-url that is not permitted. I assume "permit" is not necessary, since the redirect is handled by Spring and not the application.
Comment From: re1709
I achieve this by setting it through the OAuth2LoginConfigurer in the filter chain:
    http
        .oauth2Login(config -> config.loginProcessingUrl("/login/authorized/**"));
Unless I've misunderstood how the OAuth2LoginAuthenticationFilter is being created.
Comment From: Mallik514
@SebastianDietrich Nope, it did not work with permit or without permit.
@re1709 Yes, it does work with the DSL configuration you mentioned above, but the assumption was it would work just by setting the redirect-uri property without the need for Java configuration.
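Added example, not part of the issue thread or of Spring Security's own code: a configuration that moves the login filter's matcher with loginProcessingUrl, as in the DSL workaround above, and adds a startup check that fails fast when a registration's redirect-uri would not reach that filter. The registration id "my-idp", the callback path and the class name are constructed placeholders, and the check assumes the redirect-uri template uses only {baseUrl} and {registrationId}.

```java
import org.springframework.boot.ApplicationRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.util.AntPathMatcher;

// Assumed application.yml entry (constructed; "my-idp" is a placeholder id):
//   spring.security.oauth2.client.registration.my-idp.redirect-uri:
//     "{baseUrl}/login/authorized/{registrationId}"
@Configuration
public class OAuth2CallbackConfig {

    // One constant for the callback pattern, so the filter and the check agree.
    static final String CALLBACK_PATTERN = "/login/authorized/*";

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // As observed in the thread, the redirect-uri property only changes the
            // redirect_uri sent to the provider; the filter's matcher is set here.
            .oauth2Login(login -> login.loginProcessingUrl(CALLBACK_PATTERN));
        return http.build();
    }

    // Startup check: every registration's redirect-uri path must match the
    // pattern the login filter listens on, otherwise the callback is never processed.
    @Bean
    ApplicationRunner redirectUriCheck(InMemoryClientRegistrationRepository registrations) {
        return args -> {
            AntPathMatcher matcher = new AntPathMatcher();
            for (ClientRegistration reg : registrations) {
                // Expand the two template variables this example assumes.
                String path = reg.getRedirectUri()
                        .replace("{baseUrl}", "")
                        .replace("{registrationId}", reg.getRegistrationId());
                if (!matcher.match(CALLBACK_PATTERN, path)) {
                    throw new IllegalStateException("redirect-uri of '"
                            + reg.getRegistrationId() + "' (" + path
                            + ") is not handled by " + CALLBACK_PATTERN);
                }
            }
        };
    }
}
```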