Expected Behavior
In Consent related implementation:
org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationProvider#authenticate there is implementation which adds OPENID scope if it's not given - so it's let say "auto-added"
I need to be able to provide arbitrary list of such scopes which are auto added
Current Behavior
To achieve the above, i would need to replace whole class OAuth2AuthorizationConsentAuthenticationProvider, copy the code and add my extension
Context
I need to add to user's access token, scopes which are not known at the point of calling "authorize" endpoint. They are derived from user profile, In particular from the list of organizations which user is allowed to access
Expected Behavior
In Consent related implementation:
org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationProvider#authenticate there is implementation which adds OPENID scope if it's not given - so it's let say "auto-added"
I need to be able to provide arbitrary list of such scopes which are auto added
Current Behavior
To achieve the above, i would need to replace whole class OAuth2AuthorizationConsentAuthenticationProvider, copy the code and add my extension
Context
I need to add to user's access token, scopes which are not known at the point of calling "authorize" endpoint. They are derived from user profile, In particular from the list of organizations which user is allowed to access