How-to: Implement an Extension Authorization Grant Type

[Taschee]

A guide on how to add a custom flow to the provided core functionality would be very useful.

Context
This project does not support grant types that are not part of the OAuth2.1 spec (see https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Features-Matrix#authorization-server-support); Some potential users might still need to support some of these authorization flows, so a guide on how to they can add one by themselves would be nice.
Also, there can be other use cases to add your own custom grant types, e.g. in our current project there already exists a dedicated custom grant type which adds some additional custom functionality to the standard client credential flow.

Related: #499

[6S]

Hello,
Reading this discussion I don't understand if it is possible to implement and to declare a non-supported grant type using this library. I understand there is no documentation available, but is it at least possible ?
In other words, what is the level of extensibility of Spring Authorization Server ?

[sjohnr]

Hi @6S. There is documentation available for the project, in case you weren’t aware. If the docs don’t answer the question, you may want to ask on stackoverflow while waiting for this guide. Feel free to link to the question here so others can find it.

[GrmpfNarf]

Hello, Reading this discussion I don't understand if it is possible to implement and to declare a non-supported grant type using this library. I understand there is no documentation available, but is it at least possible ? In other words, what is the level of extensibility of Spring Authorization Server ?

Hi 6S,
yes it is possible but not that easy. You basicly need an Implementation of org.springframework.security.oauth2.server.authorization.web.authentication.AuthenticationConverter and org.springframework.security.authentication.AuthenticationProvider which you have to add to the org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter.
The last Point is the tricky part which you can read here: #417

[imaxkhan]

hi
one problem i recently found on federated example. i implemented code_flow successfully with federation from azure ad b2c ..but right now i want to implement client_credential flow without any dependency to azure ad b2c and spring authorization server(federated sample) generate token itself without communicating to azure ad b2c.. is it possible? because when i ask for token from authorization server with client credential flow it will be redirected to my azure b2c login page.
i mean is there any way to disable federation on special grant_type (flow)?

[jgrandja]

@imaxkhan Please do not ask questions on an unrelated issue. As well, questions are better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements

[imaxkhan]

@imaxkhan Please do not ask questions on an unrelated issue. As well, questions are better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements

sure srry for that
https://stackoverflow.com/questions/75856967/how-disable-federation-on-client-credential-flow-inside-spring-federated-authori