I have made an OAuth2 configuration in Spring Boot. It also works, especially when I make get requests via the browser URL and I am not yet authenticated, I am redirected to the IDP, I can log in and am also redirected again accordingly. I have built an endpoint for this. In addition, I use an SPA with which the login also works, provided I use an href and call the implemented route. However, if I make a call to the API via Javascript, I would actually expect an Unauthorized if no login has yet taken place. Instead, spring boot tries to forward me to the IDP, but then I get a CORS problem from the IDP. Is there any way I can set that unauthorized routes actually send an Unauthorized status instead of forwarding to the IDP? I have already tried to implement the AuthenticationEntryPoint via exceptionhandling, but then every request is answered with 401.
This is my actual code without AuthenticationEntryPoint