Spring OAuth2 - custom "OAuth Approval" page at oauth/authorize

In addition to @DaveSyer's answer, which should work for the most of the cases. Sometimes based on configuration and customization the aforementioned method may not work, if Framew‌orkEndpointHandlerMa‌pping from Spring Security OAuth package has higher order than RequestMappingHandlerMapping of your application. If this is the case, then servlet dispatcher will never reach you mapping and will always show the default page.

One way to fix it is to change the order of mappers, given that Framew‌orkEndpointHandlerMa‌pping's order is Order.LOWEST_PRECEDENCE - 2.

Another way is to set the approval page to a custom URL, not mapped by Framew‌orkEndpointHandlerMa‌pping, thus servlet dispatcher will reaches you application's mapping

@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private AuthorizationEndpoint authorizationEndpoint;

    @PostConstruct
    public void init() {
        authorizationEndpoint.setUserApprovalPage("forward:/oauth/custom_confirm_access");
        authorizationEndpoint.setErrorPage("forward:/oauth/custom_error");
    }
}

With such a configuration mappings of /oauth/custom_confirm_access and /oauth/custom_error will be used as a confirmation page and an error page respectively.


The recommended way is to provide a normal Spring MVC @RequestMapping for the "/oauth/confirm_access". You can look at WhitelabelApprovalEndpoint for the default implementation. Don't forget to use @SessionAttributes("authorizationRequest") in your controller.