Is there any way to override the OAuth2ProtectedResourceFilter? I want to be able to query to see if a user has already authorized an app by user id and the app's client id in cases where the client application has either lost or deleted the access token for that user. I want to return the existing access token so the user can skip the authorization page.

So far, it seems that the place to put this logic is in the OAuth2ProtectedResourceFilter doFilter() method as it loads existing authentications by access token. I would like to extend that functionality with what I stated above.

You should just be able to define a bean named "oauth2ProtectedResourceFilter" and that should override the default.

Ah, I see. Thanks.

In the end I actually solved my problem another way, without needing to override this filter.

Hi vtsao, would you be willing to share the solution? I'd be interested to know how you did that :)

I actually ended up doing something simple.

In the provider user authorization page that is defined in the oauth provider tag, e.g.:



<oauth:provider...>
<oauth:verification-code user-approval-page="/yourPage />
</oauth:provider>


Where /yourPage maps to a controller. I simply checked to see if the user had approved the app before (I store which apps a user has installed) and just redirect the user using a RedirectStrategy to the homepage instead of showing him/her the authorization page.

Not sure if this is the best way or not but it works.