I see. For this use case you actually need to follow the redirect. So you have to just go with the flow (I think).
I'm not even sure you can hide this from the user without writing code in the browser - it's the browser that has the session with the auth server (if there is one).
So a pre-auth filter isn't such a great idea after all
so if I use the OAuth2RestTemplate but add the SESSION cookie to the request, it knows it's logged in and then the restTemplate stores the accessToken?
So unless you want all client apps to share a token, then sharing a session with the auth server is bad. If you don't mind sharing, maybe you can still be careful and not corrupt each other's state.
The question is how would you implement it, I've got a webshop, a portal and more apps coming, and a couple of resource servers both in Spring and in .NET
The front end apps webshop, portal and WordPress need to have the same user logged into all of them, and when he / she logs out it should log out of all apps
I've implemented remember me functionality with the authserver, so you are logged in for as long as that cookie exists
that only applies to the webshop
in the portal you are always logged in
I'm going to have a stab at sending a request to the authserver including the session cookie, and if the user is logged in, I can redirect the webshop to /login which will force it to log in, thus getting the auth token