Spring Security OAuth2 with custom TokenGranter in version 2.0.+
In previous versions of OAuth2 it was possible to add a custom token granter by adding it to the xml configuration in the <authorization-server> element.
I wonder how I could extend the authorization server with Java Config using a AuthorizationServerConfigurerAdapter, without losing the default configuration, which contains the implicit, client credentials, refresh token and authorization code grant types.
First attempt was using creating the TokenGranter with @Component:
@Component("customTokenGranter")
public class CustomTokenGranter {
//implementation
}
This leads to a dependency resolution exception because the tokenServices needed to construct the Granter cannot be autowired.
Second attempt was using the configure method
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception
{
endpoints
.tokenGranter(new CustomTokenGranter(endpoints.getTokenServices(),
endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory()));
}
Using this, the default grant types will not be registered.
I also tried a second configuration with a lower order, but without success. What else could I do to add my custom grant type?
Answer
You need to add the default ones too, e.g. using a CompositeTokenGranter:
List<TokenGranter> tokenGranters = getTokenGranters(); // implementation up to you
tokenGranter = new CompositeTokenGranter(tokenGranters);
endpoints.tokenGranter(tokenGranter);