Expected Behavior
I would like to be able to invalidate Spring session when user leaves Consent screen in spring authorization server.
Current Behavior
This is technically possible however it requires copying code from:
org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter#sendAuthorizationResponse
and
org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter#sendErrorResponse
It should be possible to reuse those existing handlers so it's not required to copy paste the code when customizing
Context
I'm building an authentication flow based on Spring authorization server, where i want user to need to authenticate each time he/she interacts with the authorization server
Expected Behavior
I would like to be able to invalidate Spring session when user leaves Consent screen in spring authorization server.
Current Behavior
This is technically possible however it requires copying code from:
org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter#sendAuthorizationResponse
and
org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter#sendErrorResponse
It should be possible to reuse those existing handlers so it's not required to copy paste the code when customizing
Context
I'm building an authentication flow based on Spring authorization server, where i want user to need to authenticate each time he/she interacts with the authorization server