Removes Session From OAuth2

.gitignore

@@ -32,7 +32,7 @@ build/
 ### VS Code ###
 .vscode/
 
-src/main/resources/application-devel.yml
+src/main/resources/*-devel.yml
 
 ### Maven ###
 target/

src/main/java/br/com/hideyoshi/auth/config/RedisConfig.java

@@ -0,0 +1,18 @@
+package br.com.hideyoshi.auth.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.repository.configuration.EnableRedisRepositories;
+
+@Configuration
+@EnableRedisRepositories
+public class RedisConfig {
+    @Bean
+    public RedisTemplate<?, ?> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
+        RedisTemplate<byte[], byte[]> template = new RedisTemplate<byte[], byte[]>();
+        template.setConnectionFactory(redisConnectionFactory);
+        return template;
+    }
+}

src/main/java/br/com/hideyoshi/auth/security/oauth2/repository/OAuthRequestRepository.java

@@ -1,6 +1,8 @@
 package br.com.hideyoshi.auth.security.oauth2.repository;
 
+import lombok.RequiredArgsConstructor;
 import lombok.extern.log4j.Log4j2;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.stereotype.Repository;
@@ -11,11 +13,13 @@ import java.util.Objects;
 
 @Log4j2
 @Repository
+@RequiredArgsConstructor
 public class OAuthRequestRepository implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
 
+    private final RedisTemplate<String, OAuth2AuthorizationRequest> template;
+
     @Override
     public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
-
         String state = request.getParameter("state");
         if (Objects.nonNull(state)) {
             return removeAuthorizationRequest(request);
@@ -25,14 +29,7 @@ public class OAuthRequestRepository implements AuthorizationRequestRepository<OA
 
     @Override
     public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request, HttpServletResponse response) {
-
-        String state = authorizationRequest.getState();
-
-        request.getSession().setAttribute(
-                String.format("state_%s", state),
-                authorizationRequest
-        );
-
+        this.saveAuthorizationRequest(authorizationRequest);
     }
 
     @Override
@@ -42,26 +39,29 @@ public class OAuthRequestRepository implements AuthorizationRequestRepository<OA
 
         OAuth2AuthorizationRequest authorizationRequest = null;
         if (Objects.nonNull(state)) {
-            authorizationRequest = this.getAuthorizationRequestFromSession(request, state);
+            authorizationRequest = this.getAuthorizationRequestFromSession(state);
         }
 
         if (Objects.nonNull(authorizationRequest)) {
-            removeAuthorizationRequestFromSession(request, state);
+            removeAuthorizationRequestFromSession(state);
             return authorizationRequest;
         }
         return null;
     }
 
-    private OAuth2AuthorizationRequest getAuthorizationRequestFromSession(HttpServletRequest request, String state) {
-        return (OAuth2AuthorizationRequest) request.getSession().getAttribute(
-                String.format("state_%s", state)
+    private void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest) {
+        this.template.opsForValue().set(
+                String.format("state_%s", authorizationRequest.getState()),
+                authorizationRequest
         );
     }
 
-    private void removeAuthorizationRequestFromSession(HttpServletRequest request, String state) {
-        request.getSession().removeAttribute(
-                String.format("state_%s", state)
-        );
+    private OAuth2AuthorizationRequest getAuthorizationRequestFromSession(String state) {
+        return this.template.opsForValue().get(String.format("state_%s", state));
+    }
+
+    private void removeAuthorizationRequestFromSession(String state) {
+        this.template.delete(String.format("state_%s", state));
     }
 
 }

src/main/resources/application.yml

@@ -20,6 +20,7 @@ server:
     session:
       cookie:
         same-site: none
+        secure: true
   port: ${PORT}
 
 spring: