Menu
We are using spring security oauth2 to obtain token using client credentials grant type. We are not using the application.properties file for specifying the client credentials, instead we are supplying them programmatically.
ClientRegistration clientRegistration = ClientRegistration
.withRegistrationId("test")
.clientId("testclientid")
.clientSecret("testclientsecret")
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.tokenUri("http://test.tokenuri.com")
.build();
ReactiveClientRegistrationRepository reactiveClientRegistrationRepository = new InMemoryReactiveClientRegistrationRepository(clientRegistration);
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
new ServerOAuth2AuthorizedClientExchangeFilterFunction(
reactiveClientRegistrationRepository,
new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
oauth.setDefaultClientRegistrationId("test");
this.webClient = webClientFactory.getBuilder()
.filter(oauth)
.build();
The code is working fine, but we see a warning that UnAuthenticatedServerOAuth2AuthorizedClientRepository is deprecated.
The api docs for UnAuthenticatedServerOAuth2AuthorizedClientRepository recommend to use AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager instead, but AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager does not implement the same interface as UnAuthenticatedServerOAuth2AuthorizedClientRepository. What is the recommendation on replacing the deprecated UnAuthenticatedServerOAuth2AuthorizedClientRepository in this case?
I found https://github.com/spring-projects/spring-security/issues/8016 but the issue does not give much detail.
362
With the help of @Jokers answer, I managed to solve this problem in the following way. I put the credentials in appliction.properties and seperated the RegistrationRepository for that.
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.web.reactive.function.client.WebClient;
@Configuration
public class MyClientRequestConfig {
@Bean
ReactiveClientRegistrationRepository getRegistration(
@Value("${spring.security.oauth2.client.provider.myprovider.token-uri}") String token_uri,
@Value("${spring.security.oauth2.client.registration.myprovider.client-id}") String client_id,
@Value("${spring.security.oauth2.client.registration.myprovider.client-secret}") String client_secret
) {
ClientRegistration registration = ClientRegistration
.withRegistrationId("myprovider")
.tokenUri(token_uri)
.clientId(client_id)
.clientSecret(client_secret)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.build();
return new InMemoryReactiveClientRegistrationRepository(registration);
}
@Bean(name = "myprovider")
WebClient webClient(ReactiveClientRegistrationRepository clientRegistrations) {
InMemoryReactiveOAuth2AuthorizedClientService clientService = new InMemoryReactiveOAuth2AuthorizedClientService(clientRegistrations);
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrations, clientService);
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
oauth.setDefaultClientRegistrationId("myprovider");
return WebClient.builder()
.filter(oauth)
.build();
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
