Expected Behavior
I should be able to customize OAuth2ProtectedResourceMetadataFilter#requestMatcher
Current Behavior
I cannot customize OAuth2ProtectedResourceMetadataFilter#requestMatcher.
Context
My Spring main servlet listens at /api for historical reasons. Therefore, I need the protected resource metadata to be served at /api/.well-known/oauth-protected-resource. But it's currently hardcoded at /.well-known/oauth-protected-resource.
Note: I know the RFC hardcodes /.well-known/oauth-protected-resource. But the RFC also allows WWW-Authenticate to provide any url to resolve the same metadata.
Expected Behavior
I should be able to customize
OAuth2ProtectedResourceMetadataFilter#requestMatcherCurrent Behavior
I cannot customize
OAuth2ProtectedResourceMetadataFilter#requestMatcher.Context
My Spring main servlet listens at
/apifor historical reasons. Therefore, I need the protected resource metadata to be served at/api/.well-known/oauth-protected-resource. But it's currently hardcoded at/.well-known/oauth-protected-resource.Note: I know the RFC hardcodes
/.well-known/oauth-protected-resource. But the RFC also allows WWW-Authenticate to provide any url to resolve the same metadata.