Skip to content

Allow customizing OAuth2ProtectedResourceMetadataFilter RequestMatcher #19327

Description

@reda-alaoui

Expected Behavior

I should be able to customize OAuth2ProtectedResourceMetadataFilter#requestMatcher

Current Behavior

I cannot customize OAuth2ProtectedResourceMetadataFilter#requestMatcher.

Context

My Spring main servlet listens at /api for historical reasons. Therefore, I need the protected resource metadata to be served at /api/.well-known/oauth-protected-resource. But it's currently hardcoded at /.well-known/oauth-protected-resource.

Note: I know the RFC hardcodes /.well-known/oauth-protected-resource. But the RFC also allows WWW-Authenticate to provide any url to resolve the same metadata.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions