The project uses SSO. The authorization server is behind the front end, but there is another site that uses it. And we came up with the following flow:
1) We hit the back end at /auth/google and get a link to Google for authorization.
2) We replace redirect_uri with a route on the front end.
3) We receive the code on the substituted route.
4) We send the code to /auth/google?code=received_code, and everything else.

It sort of solved all our problems... in theory.
Only here a problem arose with the state, which is formed, as we understood, on the basis of the URLs. And it turns out that after the substitution everything is invalid and does not work.
We cannot use the controller, because after redirecting to /auth/google, the JWT should be returned immediately, without redirecting to the main page. Since we have neither cookies nor sessions, we cannot pass authentication between requests. And the filter allows objectPostProcessor to throw a successful authentication and immediately write it to the response.