Try to migrate to using standard OpenID Connect with Spring Security for authentication purposes and OAuth 2.0 acting as Resource Server related to APIs for authorization.
Here, you have an example with multiples OIDC providers:
server:
port: ${server_port:8081}
servlet:
context-path: "/issuer"
use-forward-headers: true
vc:
authority: ${vc_authority:did:web:xxx.sa.ngrok.io}
client-name: 'Verifiable Credential Employee'
credential-manifest: ${vc_credential_manifest:https://verifiedid.did.msidentity.com/v1.0/tenants/xxx/verifiableCredentials/contracts/276e7ec3-3ec6-e25f-b2ee-d56a6205d638/manifest}
credential-type: 'VerifiedCredentialEmployee'
issuance-uri: https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/createIssuanceRequest
issuance-callback-url: ${vc_issuance_callback_url:https://xxx.sa.ngrok.io/api/vc/issuance/callback}
issuance-request: '{ "includeQRCode": false, "callback": { "url": "${vc.issuance-callback-url}", "state": "%s", "headers": { "api-key": "%s" } }, "authority": "${vc.authority}", "registration": { "clientName": "${vc.client-name}" }, "type": "${vc.credential-type}", "manifest": "${vc.credential-manifest}" }'
spring:
thymeleaf:
cache: false
security:
oauth2:
show original
Alternatively, you can check out an API (RS) example: