Spring OAuth2 - custom "OAuth Approval" page at oauth/authorize
In addition to @DaveSyer's answer, which should work for the most of the cases. Sometimes based on configuration and customization the aforementioned method may not work, if FrameworkEndpointHandlerMapping
from Spring Security OAuth package has higher order than RequestMappingHandlerMapping
of your application. If this is the case, then servlet dispatcher will never reach you mapping and will always show the default page.
One way to fix it is to change the order of mappers, given that FrameworkEndpointHandlerMapping
's order is Order.LOWEST_PRECEDENCE - 2
.
Another way is to set the approval page to a custom URL, not mapped by FrameworkEndpointHandlerMapping
, thus servlet dispatcher will reaches you application's mapping
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthorizationEndpoint authorizationEndpoint;
@PostConstruct
public void init() {
authorizationEndpoint.setUserApprovalPage("forward:/oauth/custom_confirm_access");
authorizationEndpoint.setErrorPage("forward:/oauth/custom_error");
}
}
With such a configuration mappings of /oauth/custom_confirm_access
and /oauth/custom_error
will be used as a confirmation page and an error page respectively.
The recommended way is to provide a normal Spring MVC @RequestMapping
for the "/oauth/confirm_access". You can look at WhitelabelApprovalEndpoint
for the default implementation. Don't forget to use @SessionAttributes("authorizationRequest")
in your controller.