OAuth2TokenCustomizer not respecting @Primary #2211
Description
Describe the bug
I am opening a new issue, because it looks like my last comment on the already closed #2183 did not reach its audience.
My use-case is, in our authorization-server implementation we are supporting multiple issuers. We are following the suggested pattern for multi-tenancy described in https://docs.spring.io/spring-authorization-server/reference/guides/how-to-multitenancy.html. However we like to have the tenant-specific components also to have as beans, to have things like auto-wiring etc.
More specific, we want to have a dedicated implementation of OAuth2TokenCustomizer<JwtEncodingContext> per tenant.
Doing this, and registering each implementation as a bean we run into following error:
Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'authorizationServerSecurityFilterChain' threw exception with message: No qualifying bean of type 'org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer<org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext>' available: expected single matching bean but found 3: clientAssertionOAuth2TokenCustomizer,customClaimsOAuth2TokenCustomizer,tenantAwareOAuth2TokenCustomizer
And the root cause:
Caused by: org.springframework.beans.factory.NoUniqueBeanDefinitionException: No qualifying bean of type 'org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer<org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext>' available: expected single matching bean but found 3: clientAssertionOAuth2TokenCustomizer,customClaimsOAuth2TokenCustomizer,tenantAwareOAuth2TokenCustomizer
at app//org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2ConfigurerUtils.getOptionalBean(OAuth2ConfigurerUtils.java:241)
at app//org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2ConfigurerUtils.getJwtCustomizer(OAuth2ConfigurerUtils.java:173)
at app//org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2ConfigurerUtils.getJwtGenerator(OAuth2ConfigurerUtils.java:131)
at app//org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2ConfigurerUtils.getTokenGenerator(OAuth2ConfigurerUtils.java:108)
at app//org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2TokenEndpointConfigurer.createDefaultAuthenticationProviders(OAuth2TokenEndpointConfigurer.java:251)
at app//org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2TokenEndpointConfigurer.init(OAuth2TokenEndpointConfigurer.java:194)
at app//org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer.lambda$init$5(OAuth2AuthorizationServerConfigurer.java:367)
at java.base@21.0.7/java.util.LinkedHashMap$LinkedValues.forEach(LinkedHashMap.java:833)
at app//org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer.init(OAuth2AuthorizationServerConfigurer.java:366)
at app//org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer.init(OAuth2AuthorizationServerConfigurer.java:86)
at app//org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:388)
at app//org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:350)
at app//org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:38)
Expected behavior
OAuth2ConfigurerUtils should pickup the bean annotated with @Primary