How to Customize OAuth 2.0 Token Endpoint in Spring Security

Learn how to retrieve OAuth 2.0 tokens using the password grant, customize the default token endpoint with Spring Security OAuth2, and understand the underlying source code that maps the new endpoint, complete with practical curl commands and Java configuration examples.

Java Architecture Diary

How to Obtain OAuth 2.0 Token

Example: obtaining a token using the password grant type.

curl --location --request POST 'http://oauth-server/oauth/token' \
--header 'Authorization: Basic dGVzdDp0ZXN0' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=123456' \
--data-urlencode 'scope=server' \
--data-urlencode 'grant_type=password'

Response:

{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"example",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
  "example_parameter":"example_value"
}

The original flow accesses the OAuth 2.0 /oauth/token endpoint as shown below.

TokenEndpoint.postAccessToken

@RequestMapping(value = "/oauth/token", method = RequestMethod.POST)
public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal,
        @RequestParam Map<String, String> parameters) {
  ...
  return getResponse(token);
}

Customizing the Default Token Endpoint

By default, every business system uses /oauth/token as its login endpoint; you can change this path without rewriting the endpoint.

Spring Security OAuth2 allows customizing built‑in endpoint paths via AuthorizationServerConfigurerAdapter and pathMapping.

Example: mapping /oauth/token to /pig4cloud/login (note that the original path becomes invalid after configuration).

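import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints
                // The framework default is POST only. Allowing GET lets credentials travel
                // in the query string, where access logs and proxies can record them.
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
                // Serve the built-in token endpoint at the custom path instead of /oauth/token.
                .pathMapping("/oauth/token","/pig4cloud/login");
    }
}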

The token URL now becomes:

curl --location --request POST 'http://oauth-server/pig4cloud/login' \
--header 'Authorization: Basic dGVzdDp0ZXN0' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=123456' \
--data-urlencode 'scope=server' \
--data-urlencode 'grant_type=password'

Source Code Analysis

How does Spring Security OAuth2 implement this endpoint customization? AuthorizationServerEndpointsConfigurer writes the configured path mappings (patternMap) into a custom HandlerMapping, FrameworkEndpointHandlerMapping.

private FrameworkEndpointHandlerMapping frameworkEndpointHandlerMapping() {
  if (frameworkEndpointHandlerMapping == null) {
    frameworkEndpointHandlerMapping = new FrameworkEndpointHandlerMapping();
    frameworkEndpointHandlerMapping.setMappings(patternMap);
    frameworkEndpointHandlerMapping.setPrefix(prefix);
    frameworkEndpointHandlerMapping.setInterceptors(interceptors.toArray());
  }
  return frameworkEndpointHandlerMapping;
}

The Spring MVC DispatcherServlet routes requests according to the new mapping.
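
The remapping described above, as an added example that is not part of the original article and is not Spring's own code: a plain-Java model of a handler mapping that registers each built-in endpoint under its custom path when one is configured, which is why the default path stops resolving. The class PathMappingModel, its methods, and the handler labels are assumptions made for illustration; /oauth/check_token is included only as a second, unmapped endpoint.

```java
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

/** Simplified model of endpoint path remapping (hypothetical class, not Spring code). */
public class PathMappingModel {
    // Built-in endpoints keyed by default path; the values are labels, not real handlers.
    private static final Map<String, String> DEFAULT_ENDPOINTS = new LinkedHashMap<>();
    static {
        DEFAULT_ENDPOINTS.put("/oauth/token", "TokenEndpoint.postAccessToken");
        DEFAULT_ENDPOINTS.put("/oauth/check_token", "CheckTokenEndpoint.checkToken");
    }

    private final Map<String, String> patternMap = new HashMap<>();
    private String prefix = "";

    /** Records that the endpoint at defaultPath should be served at customPath. */
    public PathMappingModel pathMapping(String defaultPath, String customPath) {
        patternMap.put(defaultPath, customPath);
        return this;
    }

    /** Optional prefix prepended to every endpoint path. */
    public PathMappingModel prefix(String prefix) {
        this.prefix = prefix;
        return this;
    }

    /**
     * Builds the routing table a dispatcher would consult. Each endpoint is
     * registered exactly once: under its custom path if mapped, otherwise under
     * its default path. A mapped endpoint is therefore absent at its old path.
     */
    public Map<String, String> buildRoutes() {
        Map<String, String> routes = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : DEFAULT_ENDPOINTS.entrySet()) {
            String path = patternMap.getOrDefault(e.getKey(), e.getKey());
            routes.put(prefix + path, e.getValue());
        }
        return routes;
    }

    public static void main(String[] args) {
        Map<String, String> routes = new PathMappingModel()
                .pathMapping("/oauth/token", "/pig4cloud/login")
                .buildRoutes();
        // Constructed sample requests: the new path, the old path, an unmapped endpoint.
        for (String path : new String[] {"/pig4cloud/login", "/oauth/token", "/oauth/check_token"}) {
            System.out.println(path + " -> " + routes.getOrDefault(path, "no handler"));
        }
    }
}
```

Because the endpoint moves rather than being duplicated, any gateway rule, rate limit, or log alert keyed on /oauth/token has to be updated to the new path as well.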

Diagram of Spring MVC routing