Expected Behavior
OAuth2LoginAuthenticationFilter has a authenticationResultConverter property (link to code). It would be nice if we could set it through HttpSecurity.oauth2Login configuration during SecurityFilterChain registration
Current Behavior
It seems there is no way to set it to a custom converter through HttpSecurity builder. I tried registering a custom Converter bean implementation for the same type but it wasn't auto-wired through the setter method. I guess oauth2 login configurer doesn't attempt to find a converter bean during initialization.
Context
What I am trying to do is, capture some request parameters during the oauth login authorization flow and then access them after successful authentication. I have a custom OAuth2AuthorizationRequestResolver which appends additional attributes to the OAuth2AuthorizationRequest. After successful authentication, OAuth2LoginAuthenticationFilter obtains a OAuth2LoginAuthenticationToken and converts it to a OAuth2AuthenticationToken. It seems, there is no way to access the OAuth2AuthorizationRequest afterwards. So I need to have a custom converter there.
I use a BeanPostProcessor as a workaround to set the converter which seems to be working fine. I just thought it would be nice to have it configurable as OAuth2LoginAuthenticationFilter already have a public setter for that property.
Comment From: ckalan
I found another way to do this through custom OAuth2UserService, OidcUserService and OAuth2AccessTokenResponseClient implementations to copy custom authorization request attributes to the resulting OAuth2User attributes which looks like a better solution without any need for a custom OAuth2AuthenticationToken class that is created through authentication conversion I wanted before. So I am not sure if this request still makes sense
Comment From: rohan-naik07
Can I work on this?? @ckalan