From 8a416793aa63bded00e58853d15567bb16c05ab4 Mon Sep 17 00:00:00 2001
From: Joe Grandja <jgrandja@pivotal.io>
Date: Mon, 23 Oct 2017 11:02:17 -0400
Subject: [PATCH] Return AuthorizationRequest from
 AuthorizationRequestRepository.removeAuthorizationRequest

Fixes gh-4652
---
 .../oauth2/client/web/AuthorizationRequestRepository.java | 2 +-
 .../web/HttpSessionAuthorizationRequestRepository.java    | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
index 0bf5467af4..9907e7d572 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java
@@ -42,6 +42,6 @@ public interface AuthorizationRequestRepository {
 	void saveAuthorizationRequest(AuthorizationRequest authorizationRequest, HttpServletRequest request,
 									HttpServletResponse response);
 
-	void removeAuthorizationRequest(HttpServletRequest request);
+	AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request);
 
 }
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java
index e5d22f6238..29596ea16a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java
@@ -54,7 +54,11 @@ public final class HttpSessionAuthorizationRequestRepository implements Authoriz
 	}
 
 	@Override
-	public void removeAuthorizationRequest(HttpServletRequest request) {
-		request.getSession().removeAttribute(this.sessionAttributeName);
+	public AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) {
+		AuthorizationRequest authorizationRequest = this.loadAuthorizationRequest(request);
+		if (authorizationRequest != null) {
+			request.getSession().removeAttribute(this.sessionAttributeName);
+		}
+		return authorizationRequest;
 	}
 }