Expected Behavior

As stated in the official documentation, the resource server supports using JwtAuthenticationConverter to convert SCOPE_admin to ROLE_admin.

I use OpenID Connect in the oauth 2.0 client package for single sign-on, but found that it does not support JwtAuthenticationConverter to convert into role permissions.

The OAuth 2 login module supports a function like JwtAuthenticationConverter, which can be configured to change the SCOPE_ prefix to ROLE_.

Current Behavior

The OAuth 2 login module does not support configuring the SCOPE_ prefix. It interprets user authorities like: [ROLE_USER, SCOPE_address, SCOPE_email, SCOPE_microprofile-jwt, SCOPE_offline_access, SCOPE_openid, SCOPE_phone, SCOPE_profile]

Context

Since the authorization methods used in the project are all based on role authentication, if the SCOPE_ prefix can be changed to the ROLE_ prefix, the change will become very small.

Comment From: jgrandja

@XhstormR Have you seen the reference on Mapping User Authorities?

There are 2 strategies that you can leverage:

1) Using a GrantedAuthoritiesMapper
2) Delegation-based strategy with OAuth2UserService

Does this help?

Comment From: XhstormR

Sorry, I missed this. I ended up using OAuth2UserService. Thanks.
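
The first strategy named in the reply above, sketched as an added example (not code from the issue thread or from the Spring Security project): a `GrantedAuthoritiesMapper` bean that `oauth2Login` applies to the logged-in user's authorities. The class name `ScopeToRoleMappingConfig` and the allowlist containing `admin` are assumptions; the allowlist keeps scopes such as `openid` or `email` from silently becoming roles.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

// Hypothetical configuration class for illustration.
@Configuration
public class ScopeToRoleMappingConfig {

    private static final String SCOPE_PREFIX = "SCOPE_";
    private static final String ROLE_PREFIX = "ROLE_";

    // Assumption: only these scopes are meant to act as roles in this application.
    // Every other scope keeps its SCOPE_ prefix and grants no role.
    private static final Set<String> SCOPES_MAPPED_TO_ROLES = Set.of("admin");

    // Registered as a bean so that oauth2Login picks it up for user authorities.
    @Bean
    public GrantedAuthoritiesMapper userAuthoritiesMapper() {
        return authorities -> mapScopesToRoles(authorities);
    }

    static Collection<GrantedAuthority> mapScopesToRoles(
            Collection<? extends GrantedAuthority> authorities) {
        Set<GrantedAuthority> mapped = new LinkedHashSet<>();
        for (GrantedAuthority authority : authorities) {
            String name = authority.getAuthority();
            if (name != null && name.startsWith(SCOPE_PREFIX)) {
                String scope = name.substring(SCOPE_PREFIX.length());
                if (SCOPES_MAPPED_TO_ROLES.contains(scope)) {
                    // SCOPE_admin becomes ROLE_admin
                    mapped.add(new SimpleGrantedAuthority(ROLE_PREFIX + scope));
                    continue;
                }
            }
            // Non-scope authorities and unlisted scopes pass through unchanged.
            mapped.add(authority);
        }
        return mapped;
    }
}
```

With the authorities listed in the issue, this mapper leaves every entry unchanged, because none of those scopes is on the allowlist; a `SCOPE_admin` entry would come out as `ROLE_admin`.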