Skip to content

Commit

Permalink
Add configuration property to allow multiple issuers
Browse files Browse the repository at this point in the history
  • Loading branch information
opcooc authored and wilkinsona committed Jul 17, 2024
1 parent f7780b4 commit b0b97fb
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,30 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
*/
private String issuer;

/**
* Set to {@code true} if multiple issuers are allowed per host. Using path
* components in the URL of the issuer identifier enables supporting multiple
* issuers per host in a multi-tenant hosting configuration.
*
* <p>
* For example:
* <ul>
* <li>{@code https://example.com/issuer1}</li>
* <li>{@code https://example.com/authz/issuer2}</li>
* </ul>
*
* <p>
* <b>NOTE:</b> Explicitly configuring the issuer identifier via
* {@link #issuer(String)} forces to a single-tenant configuration. Avoid
* configuring the issuer identifier when using a multi-tenant hosting
* configuration, allowing the issuer identifier to be resolved from the
* <i>"current"</i> request.
* @param multipleIssuersAllowed {@code true} if multiple issuers are allowed per
* host, {@code false} otherwise
* @return the {@link Builder} for further configuration
*/
private boolean multipleIssuersAllowed = false;

/**
* Registered clients of the Authorization Server.
*/
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,8 @@ AuthorizationServerSettings asAuthorizationServerSettings() {
OAuth2AuthorizationServerProperties.Endpoint endpoint = this.properties.getEndpoint();
OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc();
AuthorizationServerSettings.Builder builder = AuthorizationServerSettings.builder();
map.from(this.properties::getIssuer).to(builder::issuer);
map.from(this.properties::getIssuer).whenHasText().to(builder::issuer);
map.from(this.properties::isMultipleIssuersAllowed).to(builder::multipleIssuersAllowed);
map.from(endpoint::getAuthorizationUri).to(builder::authorizationEndpoint);
map.from(endpoint::getDeviceAuthorizationUri).to(builder::deviceAuthorizationEndpoint);
map.from(endpoint::getDeviceVerificationUri).to(builder::deviceVerificationEndpoint);
Expand Down

0 comments on commit b0b97fb

Please sign in to comment.