You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I @EnableOAuth2Client hoping that OAuthRestTemplate would use client_credentials on use.
sadly OAuth2RestOperationsConfiguration has the following code:
protected abstract static class BaseConfiguration {
@Bean
@ConfigurationProperties("security.oauth2.client")
@Primary
public AuthorizationCodeResourceDetails oauth2RemoteResource() {
AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
return details;
}
}
@Configuration
@ConditionalOnNotWebApplication
protected static class SingletonScopedConfiguration {
@Bean
@ConfigurationProperties("security.oauth2.client")
@Primary
public ClientCredentialsResourceDetails oauth2RemoteResource() {
ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
return details;
}
@Bean
public DefaultOAuth2ClientContext oauth2ClientContext() {
return new DefaultOAuth2ClientContext(new DefaultAccessTokenRequest());
}
}
SingletonScopedConfiguration is not used because of ConditionalOnNotWebApplication
AuthorizationCodeResourceDetails is created BUT the grant_type is overriden and set to client_credentials :/. This causes AuthorizationCodeAccessTokenProvider to fail on
Can i make a pull request changing @ConditionalOnNotWebApplication
to @ConditionalOnProperty(value="spring.oauth2.client.grant-type", havingValue="client-credentials") ?
The text was updated successfully, but these errors were encountered:
I don't think we'd want to change the default behaviour, but if you want to send a pull request with an explicit check for the grant type as well, that's probably fine.
Actually, it is kind of screwy that an app that explicitly declares @EnableOAuth2Client and configures a security.oauth2.client.* for client credentials shouldn't be rewarded with a little more autoconfiguration love. It catches everyone out who tries to do it and it's not a big thing to fix. The OAuth2ClientContext is already created, but not the ClientCredentialsResourceDetails.
dsyer
changed the title
oauth2 rest operation configuration invalid with @EnableOAuth2Client
Make autoconfig work better for web app with client credentials and @EnableOAuth2Client
Dec 20, 2016
I have a web application, configured like this
I @EnableOAuth2Client hoping that OAuthRestTemplate would use client_credentials on use.
sadly OAuth2RestOperationsConfiguration has the following code:
SingletonScopedConfiguration is not used because of ConditionalOnNotWebApplication
AuthorizationCodeResourceDetails is created BUT the grant_type is overriden and set to client_credentials :/. This causes AuthorizationCodeAccessTokenProvider to fail on
Can i make a pull request changing @ConditionalOnNotWebApplication
to @ConditionalOnProperty(value="spring.oauth2.client.grant-type", havingValue="client-credentials") ?
The text was updated successfully, but these errors were encountered: