Menu
Disclaimer: I honestly tried to google/github this, scanned through the OAuth2 migration guide, but couldn't find an answer to this, so here we go.
org.springframework.cloud.security.oauth2.client.feign.OAuth2FeignRequestInterceptor from spring-cloud-security project acquires OAuth2 token and sets it to a Feign's RequestTemplate transparently to a client's invoker.
However, it relies on a deprecated OAuth2ClientContext class, which refers to an aforementioned migration guide, which still says that
For other flows, an OAuth2ClientContext instance needs to be constructed and exposed.
So would be great to know several things:
1. Is it really deprecated, or it's just that its usage should change (at least in certain cases)?
2. If former - what's the correct alternative?
3. Are there any plans to migrate OAuth2FeignRequestInterceptor from using the deprecated classes?
925
reactive. client. WebClient offers a modern alternative to the RestTemplate with efficient support for both sync and async, as well as streaming scenarios. The RestTemplate will be deprecated in a future version and will not have major new features added going forward.
The OAuth2ClientContext is the OAuth2 Security context that consists access token. We can create OAuth2RestTemplate bean with this as following.
springframework. security. oauth which supports oAuth2 (only) for Spring Security (not cloud), whereas spring-cloud-starter-oauth2 is a set of multiple dependencies like a starter web dependency above. This is OAuth2 starter for Spring Cloud that is only if you are working with Spring cloud.
The classes OAuth2FeignRequestInterceptor and OAuth2ClientContext has changed in the latest versions. It's changed to @Deprecated now. It already has an open issue linked to it. Lets understand it one by one.
OAuth2FeignRequestInterceptor : Previously it used to be a part of spring-cloud-security. You can now find it in the below link
spring-cloud/spring-cloud-openfeign
Exact class is in this link OAuth2FeignRequestInterceptor.java. This project is still a work in progress.
OAuth2ClientContext : If we look carefully in the javadoc present in the class it says:
@deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. The migration Guide mentioned in the link states that
This document contains guidance for moving OAuth 2.0 Clients and Resource Servers from Spring Security OAuth 2.x to Spring Security 5.2.x. Since Spring Security doesn’t provide Authorization Server support, migrating a Spring Security OAuth Authorization Server is out of scope for this document.
The latest changes are present in spring-security. In
spring-security 5.3.x information related to OAuth2 client can be found in the this link . OAuth2AuthorizedClient.java
You will get more details if you refer to the information
provided in the Migration Guide.
In future it will be a part of Spring Authorization
Server.
Github : spring-authorization-server which
under development. A lot of OAuth2 related stuff is present. e.g.
OAuth2Authorization.java which will used to getAccessToken,
RefreshToken etc.
Some more information from Stackoverflow about the alternatives which might help. this
105
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
