I'm working on integrating Spring Security with CAS by openid connect of authorization_code flow. According to openid connect protocol, there are following steps:
- ....
- browser get Authentication and code from OpenID Provider
- browser send the code to client
- client makes token request to OpenID provider for access token.
- ....
The issue happened on step 4. Spring Security make the request and put the grant_type, code info into body instead of the url. But CAS require to put the code info into url. [CAS API for Authorization Code]
Does anybody has experience with such situation? Any Suggestion is appreciate