Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Allow OAuth2ClientSpec to get ReactiveOAuth2AccessTokenResponseClient from Spring IoC #11097

Closed
NotFound403 opened this issue Apr 12, 2022 · 6 comments
Closed

Allow OAuth2ClientSpec to get ReactiveOAuth2AccessTokenResponseClient from Spring IoC #11097

NotFound403 opened this issue Apr 12, 2022 · 6 comments
Assignees
@sjohnr
Labels
in: config An issue in spring-security-config in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone
6.4.0-RC1

Comments

@NotFound403
Copy link

NotFound403 commented Apr 12, 2022
edited
Loading

Expected Behavior

Just like OAuth2LoginSpec, OAuth2ClientSpec should get ReactiveOAuth2AccessTokenResponseClient from Spring IoC :

  		/**
		 * Gets the {@link ReactiveAuthenticationManager} to use. First tries an explicitly configured manager, and
		 * defaults to {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
		 *
		 * @return the {@link ReactiveAuthenticationManager} to use
		 */
		private ReactiveAuthenticationManager getAuthenticationManager() {
			if (this.authenticationManager == null) {
				this.authenticationManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(getAccessTokenResponseClient());
			}
			return this.authenticationManager;
		}

		private ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> getAccessTokenResponseClient() {
			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2AccessTokenResponseClient.class, OAuth2AuthorizationCodeGrantRequest.class);
			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> bean = getBeanOrNull(type);
			if (bean == null) {
				return new WebClientReactiveAuthorizationCodeTokenResponseClient();
			}
			return bean;
		}

Current Behavior

Current mechanism :

		private ReactiveAuthenticationManager getAuthenticationManager() {
			if (this.authenticationManager == null) {
				this.authenticationManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(new WebClientReactiveAuthorizationCodeTokenResponseClient());
			}
			return this.authenticationManager;
		}

Context
I consider that,ReactiveOAuth2AccessTokenResponseClient in Spring IoC is the default one 、the global one. This facilitates consistent behavior,if not I need like the following :

    @Bean
    @ConditionalOnMissingBean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.authorizeExchange().anyExchange().authenticated();
        http.oauth2Login();
        http.oauth2Client().authenticationManager(new OAuth2AuthorizationCodeReactiveAuthenticationManager(oAuth2AccessTokenResponseClient()));
        return http.build();
    }

    @Bean
    public ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> oAuth2AccessTokenResponseClient() {
    // ignore
    }

It looks not good.
@NotFound403 NotFound403 added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Apr 12, 2022
@eleftherias eleftherias self-assigned this Apr 14, 2022
@sjohnr
Copy link
Member

sjohnr commented May 19, 2022

Hi @NotFound403. I'm going through a few unanswered issues and saw this one.

It looks not good.

Can you explain what you mean here? For example, do you mean that there's a workaround but it is inconvenient or difficult? Or do you mean something you're trying to achieve is impossible?

@sjohnr sjohnr assigned sjohnr and unassigned eleftherias May 19, 2022
@sjohnr sjohnr added in: config An issue in spring-security-config in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-feedback We need additional information before we can continue and removed status: waiting-for-triage An issue we've not yet triaged labels May 19, 2022
@spring-projects-issues
Copy link

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

@spring-projects-issues spring-projects-issues added the status: feedback-reminder We've sent a reminder that we need additional information before we can continue label Jun 2, 2022
@sjohnr sjohnr removed status: waiting-for-feedback We need additional information before we can continue status: feedback-reminder We've sent a reminder that we need additional information before we can continue labels Jun 3, 2022
@sjohnr
Copy link
Member

sjohnr commented Jun 3, 2022

@NotFound403 did you happen to see the above comment?

@NotFound403
Copy link
Author

ReactiveOAuth2AccessTokenResponseClient could customize and have the global default one in Spring IoC

@sjohnr
Copy link
Member

sjohnr commented Jun 6, 2022

Thanks @NotFound403. I think you're just requesting a general enhancement (nice-to-have) to make OAuth2ClientSpec consistent with OAuth2LoginSpec in the way it obtains a ReactiveOAuth2AccessTokenResponseClient for creating the default OAuth2AuthorizationCodeReactiveAuthenticationManager. Let me know if you think there's anything I've missed.

@NotFound403
Copy link
Author

NotFound403 commented Jun 7, 2022
edited
Loading

Thanks @NotFound403. I think you're just requesting a general enhancement (nice-to-have) to make OAuth2ClientSpec consistent with OAuth2LoginSpec in the way it obtains a ReactiveOAuth2AccessTokenResponseClient for creating the default OAuth2AuthorizationCodeReactiveAuthenticationManager. Let me know if you think there's anything I've missed.

yes, keep them consistent

@sjohnr sjohnr removed their assignment Jun 10, 2022
@sjohnr sjohnr self-assigned this Jun 24, 2024
@sjohnr sjohnr added this to the 6.4.x milestone Jun 24, 2024
@sjohnr sjohnr moved this to Planning in Spring Security Team Jun 24, 2024
@sjohnr sjohnr mentioned this issue Jun 24, 2024
Open
9 tasks
@sjohnr sjohnr moved this from Planning to Prioritized in Spring Security Team Sep 23, 2024
@sjohnr sjohnr closed this as completed in cd7f6e0 Sep 23, 2024
@sjohnr sjohnr modified the milestones: 6.4.x, 6.4.0-RC1 Sep 23, 2024
@sjohnr sjohnr moved this from Prioritized to Done in Spring Security Team Sep 23, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@sjohnr sjohnr

Labels
in: config An issue in spring-security-config in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
Spring Security Team
Status: Done
Milestone
6.4.0-RC1
Development

No branches or pull requests
4 participants
@sjohnr @eleftherias @spring-projects-issues @NotFound403