authorizationGrantType cannot be null in Spring Security 5 OAuth Client and Spring Boot 2.0

Question

I followed the Spring Security 5.0 official reference documentation and sample codes oauth2login to setup OAuth2/OIDC authentication in my project, but it failed and I got the following exception when I booted up my application by mvn spring-boot:run.

    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientRegistrationRepository' 
    defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientRegistrationRepositoryConfiguration.class]: 
    Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: 
    Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]: 
    Factory method 'clientRegistrationRepository' threw exception; 
    nested exception is java.lang.IllegalArgumentException: authorizationGrantType cannot be null

I was using the default configuration provided by Spring Boot and just added some basic dependencies into projects, such as spring-security-config, spring-security-oauth2-client, spring-security-oauth2-jsoe etc.

Updated:

I've found the reason, for custom OAuth2 providers, such as Gitlab, I have to add grant type, redirectUritemplate, scope, clientName etc, but OpenID Connect specification has a configuration endpoint protocol, eg: https://gitlab.com/.well-known/openid-configuration , is there possible to make Spring Security read this info automatically?

Update(5/15/2021): in the latest Spring Security 5.4 and Spring Boot 2.4, the OpenId configuration(.well-known/openid-configuration) is discovered by default, for most oauth2/oidc authorization servers, configure a issuer_uri is enough.

Answer 1

To elaborate on Arpeet's answer, the properties you need to include in your application.yaml to resolve the original error are as shown below, in this case for Azure AD (note this ONLY works with Spring Security 5, NOT Spring Security OAuth2 2.x whose functionality is being merged directly into Spring Security 5):

spring:
  security:
    oauth2:
      client:
        registration:
          microsoft:
            client-id: a935ba7b-6aa4-4b0c-9e84-04f9acaa477b
            client-secret: redacted
            authorization-grant-type: authorization_code
            redirect-uri-template: '{baseUrl}/login/oauth2/code/{registrationId}'
            scope: User.Read
            client-name: Microsoft
            client-alias: microsoft
        provider:
          microsoft:
            authorization-uri: https://login.microsoftonline.com/common/oauth2/authorize?resource=https://graph.microsoft.com/
            token-uri: https://login.microsoftonline.com/common/oauth2/token
            user-info-uri: https://graph.microsoft.com/v1.0/me
            user-name-attribute: sub
            jwk-set-uri: https://login.microsoftonline.com/common/discovery/keys

Answer 2

redirect-uri-template -> redirect-uri it works SpringBoot 2.2.0.RELEASE

but it works spring 2.1.x with redirect-uri-template

Answer 3

use redirect-uri instead of redirect-uri-template if use SpringBoot v2.2.1 RELEASE