DEV Community

Discussion on: Spring boot + Spring Security 5 + OAuth2/OIDC Client - Deep Dive

Collapse
shyamala_u profile image
Shyamala Author

Hi,
Thank you for the response, I hope you already went through this.
The distinction between Role and Authority is subtle as explained here, without looking into your userAuthoritiesMapper, I cannot be sure. It would be helpful if you can share your code , for me to have a look at it.

Collapse
erlendfg profile image
erlendfg

Thanks for your reply and your willingness to help. Actually it works after I changed .antMatchers("/user/", "/user/index.html") to .antMatchers("/user/**").

Since our old SAML2.0-based application needs a UserDetails object, do you have any suggestions how to proceed? My thoughts is to configure the following to map authorities and to return a UserDetails object which implements OAuth2UserService<OidcUserRequest, OidcUser>.

.oidcUserService(oidcUserService());

private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() { …

The latter question is just meant as a contribution to the discussion, not something I need help to implement. Using a UserDetails object is very usual in Spring Security, but the documentation does not mention this strategy.