Using PKCE with the Authorization Code Grant in Spring Security OAuth2
Main code
Extend DefaultOAuth2AuthorizationRequestResolver by setting its AuthorizationRequestCustomizer to OAuth2AuthorizationRequestCustomizers.withPkce().
Complete code
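```java
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
import org.springframework.security.web.SecurityFilterChain;

@Slf4j
@Configuration
@EnableWebSecurity(debug = true) // debug output is meant for local troubleshooting only
public class WebConfig {

    @Bean
    @Order(0)
    SecurityFilterChain securityFilterChain0(HttpSecurity http, ClientRegistrationRepository clientRegistrationRepository) throws Exception {
        http
            .securityMatcher("/web/**", "/oauth2/authorization/keycloak", "/login/oauth2/code/keycloak")
            .formLogin(AbstractHttpConfigurer::disable)
            .csrf(AbstractHttpConfigurer::disable)
            .anonymous(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(authorizeHttpRequests -> {
                authorizeHttpRequests.anyRequest().authenticated();
            })
            .oauth2Login(login -> {
                login.authorizationEndpoint(authorizationEndpoint -> {
                    // Default resolver on the standard base URI (/oauth2/authorization)
                    DefaultOAuth2AuthorizationRequestResolver resolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository, OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
                    // Adds code_challenge and code_challenge_method=S256 to the authorization request
                    resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
                    authorizationEndpoint.authorizationRequestResolver(resolver);
                });
            })
        ;
        return http.build();
    }
}
```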
Views: 790 · Posted: 2024-05-11