Skip to content

feat: Add OAuth2 proxy support for authentication requests #1540

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
joshuaNathaniel wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat: Add OAuth2 proxy support for authentication requests #1540

Changes from 2 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
5a314ac
feat: Add OAuth2 proxy support for authentication requests
joshuaNathaniel Nov 29, 2025
cf5e4f4
feat: Add OAuth2 proxy support using JVM system properties
joshuaNathaniel Dec 1, 2025
e97eae7
feat: Extend OAuth2 proxy support to all authentication endpoints
joshuaNathaniel Dec 2, 2025
b74c3ac
refactor: Make OAuth2 WebClient a qualified Spring bean
joshuaNathaniel Dec 2, 2025
7964032
test: fix issue with netty proxy not allowing localhost as proxy on l…
joshuaNathaniel Dec 2, 2025
7f49065
test: provide additional comments and guards for oauth test support
joshuaNathaniel Dec 3, 2025
0a85ea0
refactor: Use inline OAuth2 resource server config with proxy WebClient
joshuaNathaniel Dec 6, 2025
c77e7df
Merge branch 'main' into issues/196
germanosin Dec 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletion api/src/main/java/io/kafbat/ui/config/auth/OAuthSecurityConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
Expand All @@ -36,7 +37,9 @@
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;
import reactor.netty.http.client.HttpClient;

@Configuration
@ConditionalOnProperty(value = "auth.type", havingValue = "OAUTH2")
Expand Down Expand Up @@ -84,8 +87,13 @@ public SecurityWebFilterChain configure(ServerHttpSecurity http, OAuthLogoutSucc
}

@Bean
public ReactiveOAuth2UserService<OidcUserRequest, OidcUser> customOidcUserService(AccessControlService acs) {
public ReactiveOAuth2UserService<OidcUserRequest, OidcUser> customOidcUserService(
AccessControlService acs,
ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService) {
final OidcReactiveOAuth2UserService delegate = new OidcReactiveOAuth2UserService();

delegate.setOauth2UserService(oauth2UserService);

return request -> delegate.loadUser(request)
.flatMap(user -> {
var provider = getProviderByProviderId(request.getClientRegistration().getRegistrationId());
Expand All @@ -102,6 +110,14 @@ public ReactiveOAuth2UserService<OidcUserRequest, OidcUser> customOidcUserServic
@Bean
public ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> customOauth2UserService(AccessControlService acs) {
final DefaultReactiveOAuth2UserService delegate = new DefaultReactiveOAuth2UserService();

// Configure WebClient to use system proxy properties (if set)
delegate.setWebClient(
WebClient.builder()
.clientConnector(new ReactorClientHttpConnector(
HttpClient.create().proxyWithSystemProperties()))
.build());

return request -> delegate.loadUser(request)
.flatMap(user -> {
var provider = getProviderByProviderId(request.getClientRegistration().getRegistrationId());
Expand Down
Loading