Asking the user for consent #13
Description
Hi,
I want to make the consent page work when users approve access to the requested scopes. I traced back consent to this class OAuth2ClientRegistrationRegisteredClientConverter. Here, consent is always false.
Can you devise a suitable mechanism to enable configuring consent in the authorisation server?
There is a valid property through yml config: require-authorization-consent: true
This is the code block I used without mcp-security, that works.
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = OAuth2AuthorizationServerConfigurer.authorizationServer();
// Configure custom consent page
authorizationServerConfigurer.authorizationEndpoint(authorizationEndpoint ->
authorizationEndpoint.consentPage("/oauth2/consent"));
http
.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher());
.with(authorizationServerConfigurer, authorizationServer ->
authorizationServer.oidc(oidc -> oidc
.providerConfigurationEndpoint(providerConfiguration ->
providerConfiguration.providerConfigurationCustomizer
(this::customizeProviderConfiguration)
)
)
);
Thanks