spring-attic/spring-security-oauth2-boot

AuthenticationSuccessEvent fires twice when a POST to /oauth/token succeeds

isscy opened this issue · 1 comments

isscy commented

I watch AuthenticationSuccessEvent, but the event fires twice. I know they come from client authentication and user authentication, but the event.getSource() result in both cases is an instance of UsernamePasswordAuthenticationToken.

So I want to know why BasicAuthenticationFilter (or ClientCredentialsTokenEndpointFilter) converts the request to a UsernamePasswordAuthenticationToken, because I cannot determine the source that triggered the event.

Thanks for reaching out, @isscy.

BasicAuthenticationFilter adds an AuthenticationDetailsSource to the Authentication, and you can inspect it with Authentication#getDetails.

You can also customize this with additional information by creating your own instance of AuthenticationDetailsSource like so:

http
    .httpBasic((basic) -> basic
        .authenticationDetailsSource(...)
    );

Or, it's not uncommon to need to customize the principal to include domain-specific information about the user. You might be able to tell by calling Authentication#getPrincipal and inspecting the differences there.

In the future, we prefer to use GitHub issues only for bugs and enhancements. For usage questions, Stack Overflow is preferred. That said, I hope my answer was helpful. If you need more help, please post a question to Stack Overflow and link that question back to this ticket so that others can find it.
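One way to apply the details-based suggestion above, as an added example that is not code from the maintainer or the project: a marker details type is attached only by the HTTP Basic (client) filter, and the listener branches on it. The class names `ClientAuthenticationDetails`, `ClientAuthenticationDetailsSource` and `AuthenticationSourceListener` are hypothetical, and the `javax.servlet` import assumes a Spring Boot 2.x application.

```java
import javax.servlet.http.HttpServletRequest;

import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

// Hypothetical marker type: only the client (HTTP Basic) filter attaches it.
class ClientAuthenticationDetails extends WebAuthenticationDetails {
    ClientAuthenticationDetails(HttpServletRequest request) {
        super(request); // keeps the remote address and session id
    }
}

// Pass an instance of this to basic.authenticationDetailsSource(...).
class ClientAuthenticationDetailsSource
        implements AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> {
    @Override
    public WebAuthenticationDetails buildDetails(HttpServletRequest request) {
        return new ClientAuthenticationDetails(request);
    }
}

// Register as a bean; receives both success events for one token request.
class AuthenticationSourceListener implements ApplicationListener<AuthenticationSuccessEvent> {
    @Override
    public void onApplicationEvent(AuthenticationSuccessEvent event) {
        Authentication auth = event.getAuthentication();
        if (auth.getDetails() instanceof ClientAuthenticationDetails) {
            onClientAuthenticated(auth);
        } else {
            // Assumption: anything without the marker is the resource owner (user).
            onUserAuthenticated(auth);
        }
    }

    // Audit hooks: record the name only, never auth.getCredentials().
    void onClientAuthenticated(Authentication auth) {
        System.out.println("client authenticated: " + auth.getName());
    }

    void onUserAuthenticated(Authentication auth) {
        System.out.println("user authenticated: " + auth.getName());
    }
}
```

If ClientCredentialsTokenEndpointFilter is also enabled, it needs the same details source, otherwise its client authentications fall into the user branch.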