I am studying Spring OAuth2 by decomposing the set of three interconnected sample apps at this GitHub link. The apps work as intended on my devbox, but the authserver app produces an unwanted confirmation page that asks the user to confirm that they authorize the client at localhost:8080/login to receive their protected information. A screen shot of the confirmation page is as follows:

What specific changes need to be made to the authserver app's code to remove the confirmation step?
I understand that the confirmation page could be useful in certain use cases. But the confirmation page is not appropriate for the use case that I have in mind, so how can I disable this step?
FIRST ATTEMPT:
I have located the view code for the authorization page in authorize.ftl, which you can read by clicking on this link. But when I do Ctrl-H in an Eclipse workspace and search for "authorize.ftl", no results show up. Similarly, I reviewed the Spring OAuth2 Developer Guide. Some mention in the guide is made of creating a separate @RequestMapping("/oauth/authorize"), but it did not seem clear how to disable this confirmation step.

The code for the template login view is in login.ftl, which you can read at this link.

Is the solution to simply move the login.ftl code into a new login.html file, and then manage that view with @RequestMapping("/oauth/authorize")?
If I interpret the wording from the Developer Guide link above correctly, it seems to say that
1.) an @RequestMapping("/oauth/authorize") method linked to GET would serve up the login view, then another @RequestMapping("/oauth/authorize"),
2.) then another @RequestMapping("/oauth/authorize") method linked to POST would take the information from the view and bypass the confirmation step.
But what would this look like in code? Here is a starting point, if I understand correctly:
```java
// Handles GET requests to /oauth/authorize
@RequestMapping(value = "/oauth/authorize", method = RequestMethod.GET)
public @ResponseBody SomeType method1Name() {
    SomeType st = new SomeType();
    // do some stuff to st
    return st;
}

// Handles POST requests to /oauth/authorize
@RequestMapping(value = "/oauth/authorize", method = RequestMethod.POST)
public @ResponseBody SomeType method2Name() {
    SomeType st = new SomeType();
    // do other stuff to st
    return st;
}
```
What do I put in the methods? And then where do I put the view code?

The Developer Guide says to start with WhiteLabelApprovalEndpoint.java, which you can read on GitHub at this link.
User confirmation of the token grant is optional. You need to register the client as autoapprove="*" if you want to skip that step. I'm pretty sure that's in the user guide.
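
The client registration the answer describes, sketched in Spring Security OAuth2 Java configuration. This is an added example, not code from the sample apps or from the answer's author. The class name, client ids, secrets, the `read` scope and the partner callback URL are hypothetical placeholders; only the `localhost:8080/login` redirect comes from the question. It registers one trusted first-party client with auto-approval and one other client that still gets the confirmation page:

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            // First-party client run by the same operator as the auth server:
            // the approval page is skipped for every scope it requests.
            .withClient("first-party-ui")                    // hypothetical client id
                .secret("replace-with-real-secret")          // placeholder
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("read")                              // hypothetical scope
                // Pin the redirect so an auto-approved code can only be
                // delivered to the known client endpoint.
                .redirectUris("http://localhost:8080/login")
                .autoApprove(true)
            .and()
            // Any client not under the operator's control keeps the
            // confirmation step, so the user still sees what is granted.
            .withClient("third-party-app")                   // hypothetical client id
                .secret("replace-with-another-secret")       // placeholder
                .authorizedGrantTypes("authorization_code")
                .scopes("read")
                .redirectUris("https://partner.example/callback")
                .autoApprove(false);
    }
}
```

`autoApprove` also accepts a list of scope names, which limits the skipped confirmation to those scopes while any other requested scope still goes through the approval page.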