Spring Authorization Server 0.2.2, how to disable a default authentication provider like (OAuth2TokenRevocation) and override it with a custom one?

I am using the new Spring Authorization Server 0.2.2 and I want to change the logic of the OAuth2TokenRevocationAuthenticationProvider and make my own implementation for the Token Revocation endpoint.

I added a new CustomRevocationAuthenticationProvider

public class CustomRevocationAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        //My implementation
        try {

        //My implementation

        } catch (Exception e) {
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
        }

        //My implementation
    }


@Override
public boolean supports(Class<?> authentication) {
    return OAuth2TokenRevocationAuthenticationToken.class.isAssignableFrom(authentication);
}

and I added this provider to the SecurityFilterChain like this:

@Bean
public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        return http.formLogin(Customizer.withDefaults())
                .authenticationProvider(new CustomRevocationAuthenticationProvider())
                .build();
    }

It works good but when I throw a OAuth2AuthenticationException in my implementation, the default OAuth2TokenRevocationAuthenticationProvider get executed and return 200 OK response.

is there any way to disable the default oauth2 provider from handling my exception and getting executed?



Comments

Popular posts from this blog

Today Walkin 14th-Sept

Spring Elasticsearch Operations

Hibernate Search - Elasticsearch with JSON manipulation