Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simplify registering a custom (Reactive)OAuth2AuthorizedClientProvider #13181

Closed
jzheaux opened this issue May 15, 2023 · 3 comments
Closed

Simplify registering a custom (Reactive)OAuth2AuthorizedClientProvider #13181

jzheaux opened this issue May 15, 2023 · 3 comments
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: enhancement A general enhancement

Comments

@jzheaux
Copy link
Contributor

jzheaux commented May 15, 2023

To specify a custom OAuth2AuthorizedClientProvider requires specifying a number of other things as well:

@Bean
public OAuth2AuthorizedClientManager authorizedClientManager(
        ClientRegistrationRepository clientRegistrationRepository,
        OAuth2AuthorizedClientRepository authorizedClientService) {
    var custom  = new JwtBearerReactiveOAuth2AuthorizedClientProvider();
    custom.setClockSkew(Duration.ofMinutes(2));
    var authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
                    clientRegistrationRepository, authorizedClientService);
    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
    return authorizedClientManager;
}

It would be nice to be able to focus only on the provider itself, like so:

@Bean
public OAuth2AuthorizedClientProvider authorizedClientProvider() {
    var jwtBearer  = new JwtBearerOAuth2AuthorizedClientProvider();
    jwtBearer.setClockSkew(Duration.ofMinutes(2));
    return jwtBearer;
}

It seems like this is already the pattern that is encouraged by the fact that OAuth2ClientConfiguration looks for the other components of OAuth2AuthorizedClientManager as beans.

I think it would be good to further simplify this configuration by also deprecating the lookup of OAuth2AccessTokenResponseClient for client credentials since this is a couple of layers of configuration deep. Instead, I think it would be better for folks to do:

@Bean
public OAuth2AuthorizedClientProvider authorizedClientProvider() {
    var clientCredentials  = new ClientCredentialsOAuth2AuthorizedClientProvider();
    clientCredentials.setAccessTokenResponseClient(custom);
    return clientCredentials;
}

Or if more are needed then:

@Bean
public OAuth2AuthorizedClientProvider authorizedClientProvider() {
    return OAuth2AuthorizedClientProviderBuilder.builder()
        .authorizationCode().clientCredentials((client) -> client.accessTokenResponseClient(custom))
        .build();
}
@jzheaux jzheaux added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels May 15, 2023
@jzheaux jzheaux changed the title Simplify registering a custom (Reactive)OAuth2AuthorizedClientProvider Simplify registering a custom (Reactive)OAuth2AuthorizedClientProvider May 15, 2023
@jzheaux jzheaux mentioned this issue May 15, 2023
Closed
@jgrandja
Copy link
Contributor

Related gh-8882

@jgrandja
Copy link
Contributor

@jzheaux This seems very similar to gh-11783

@jzheaux
Copy link
Contributor Author

jzheaux commented May 20, 2023

Since I think that publishing a OAuth2AuthorizedClientProvider is a happy medium with the current model, I've added it as a concrete suggestion to #11783 and closed this issue.

@jzheaux jzheaux closed this as completed May 20, 2023
@jzheaux jzheaux added status: duplicate A duplicate of another issue in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels May 20, 2023
@jzheaux jzheaux self-assigned this May 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jzheaux @jgrandja