/spring-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OAuth2LoginSpec discovers ReactiveOAuth2AccessTokenResponseClient @Bean #6477

Open
jgrandja opened this Issue Jan 23, 2019 · 11 comments

Comments

Assignees

@jgrandja jgrandja

Labels
Improvement Java Config OAuth2 Reactive first-timers-only
Projects
None yet
Milestone
  5.2.0.M2
2 participants
@jgrandja @darthCodr
@jgrandja
Copy link
Collaborator

jgrandja commented Jan 23, 2019

We should allow for a @Bean of type ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> to be discovered by OAuth2LoginSpec.

This will allow the user to register a WebClientReactiveAuthorizationCodeTokenResponseClient @Bean with a configured WebClient via WebClientReactiveAuthorizationCodeTokenResponseClient.setWebClient().

@jgrandja jgrandja added Reactive OAuth2 first-timers-only labels Jan 23, 2019

@jgrandja jgrandja added this to the 5.2.0.M2 milestone Jan 23, 2019

@jgrandja jgrandja added Java Config Improvement labels Jan 23, 2019

@jgrandja jgrandja referenced this issue Jan 23, 2019

Closed

Use proxy to get access token #6472

@darthCodr

This comment has been minimized.

Sign in to view
Copy link
Contributor

darthCodr commented Jan 23, 2019

Hello @jgrandja Does this have to do with autowiring that bean?

I’ll like to work on it regardless.
@jgrandja

This comment has been minimized.

Sign in to view
Copy link
Collaborator Author

jgrandja commented Jan 23, 2019

@darthCodr Yes, it's all about wiring the ReactiveOAuth2AccessTokenResponseClient @Bean if the application has registered it, otherwise same behaviour as today. Take a look at getOauth2UserService() or getOidcUserService() - it will follow the same pattern.
Please add a test as well. Thanks for taking this on!
@darthCodr

This comment has been minimized.

Sign in to view
Copy link
Contributor

darthCodr commented Jan 27, 2019

You are welcome.

@jgrandja you mentioned that this @Bean ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> will allow user to register WebClientReactiveAuthorizationCodeTokenResponseClient @Bean.

Will my implementation be in ReactiveAuthenticationManager createDefault() ? just like this check - if (oidcAuthenticationProviderEnabled) ?

Also, I have looked at 'getOauth2UserService()' and 'getOidcUserService()'. Is there a particular method name you would like me to use?

I currently have something like this:

		private ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> getOAuth2.......() {
			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2AccessTokenResponseClient.class, OAuth2AuthorizationCodeGrantRequest.class);
			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> bean = getBeanOrNull(type);

			if (bean ==  null) {
				return new _DefaultReactiveOAuth2UserService();_
			}

			return bean;
		}

If the bean is null, should I return null? ... as DefaultReactiveOAuth2UserService() is not the same type as ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>. What would you like me to return when the bean is not found?

Maybe I didn't understand what you meant by "follow the same pattern". Would appreciate if you could explain more.

Many thanks.

@jgrandja jgrandja self-assigned this Jan 28, 2019

@jgrandja

This comment has been minimized.

Sign in to view
Copy link
Collaborator Author

jgrandja commented Jan 28, 2019

@darthCodr

Will my implementation be in createDefault()

Yes, this is exactly where you would apply the change.

Is there a particular method name you would like me to use?

Let's go with ReactiveOAuth2AccessTokenResponseClient getAccessTokenResponseClient()

If the bean is null, should I return null?

It should behave as it currently does today, which is defaulting to WebClientReactiveAuthorizationCodeTokenResponseClient client = new WebClientReactiveAuthorizationCodeTokenResponseClient() in createDefault().
@darthCodr

This comment has been minimized.

Sign in to view
Copy link
Contributor

darthCodr commented Jan 30, 2019
edited

Hello, @jgrandja
I currently have this:


private ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> getAccessTokenResponseClient() {
			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2AccessTokenResponseClient.class, OAuth2AuthorizationCodeGrantRequest.class);
			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> bean = getBeanOrNull(type);
			if (bean ==  null) {
				return new WebClientReactiveAuthorizationCodeTokenResponseClient();
			}
			return bean;
		}

At what point do I invoke/call getAccessTokenResponseClient()?
@jgrandja

This comment has been minimized.

Sign in to view
Copy link
Collaborator Author

jgrandja commented Jan 30, 2019
edited

You would call it in createDefault() and pass it when instantiating OAuth2LoginReactiveAuthenticationManager and OidcAuthorizationCodeReactiveAuthenticationManager
@darthCodr

This comment has been minimized.

Sign in to view
Copy link
Contributor

darthCodr commented Jan 31, 2019

Hello @jgrandja I have implemented this and it's fine.
I'm a bit confused as to where to implement the tests. Kindly assist. Many thanks.
@jgrandja

This comment has been minimized.

Sign in to view
Copy link
Collaborator Author

jgrandja commented Feb 1, 2019

The tests should go in OAuth2LoginTests. Thanks.
@darthCodr

This comment has been minimized.

Sign in to view
Copy link
Contributor

darthCodr commented Feb 5, 2019
edited

Hello @jgrandja. I found some existing tests in OAuth2LoginTests that check ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>. I don't know how to test it without messing up existing code. Is there an implementation I could use as a guide? I would appreciate.

I know this might be an urgent fix. Should I do a PR regardless then work through the tests together with you from there?

Sincere apologies for the delay.
@jgrandja

This comment has been minimized.

Sign in to view
Copy link
Collaborator Author

jgrandja commented Feb 6, 2019

@darthCodr

I know this might be an urgent fix. Should I do a PR regardless then work through the tests together with you from there?

No worries, it's not urgent. It's planned for 5.2.0.M2 so we have some time. The tests need to go with the PR so let's keep working through it.

Is there an implementation I could use as a guide?

Take a look at OAuth2LoginTests.oauth2LoginWhenCustomJwtDecoderFactoryThenUsed().

Note how it registers:

		@Bean
		public ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory() {
			return jwtDecoderFactory;
		}

and jwtDecoderFactory was declared as:

ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory = spy(new JwtDecoderFactory());

and than in the test we verify that the actual @Bean got called:

verify(config.jwtDecoderFactory).createDecoder(any());

This is the same type of test logic you need to apply for ReactiveOAuth2AccessTokenResponseClient.

Let me know if this helps?

darthCodr added a commit to darthCodr/spring-security that referenced this issue Feb 13, 2019

@darthCodr
OAuth2LoginSpec discovers ReactiveOAuth2AccessTokenResponseClient @bean 
Fixes: spring-projectsgh-6477
817e241

@darthCodr darthCodr referenced a pull request that will close this issue Feb 13, 2019

Open

OAuth2LoginSpec discovers ReactiveOAuth2AccessTokenResponseClient @Bean #6530

@darthCodr

This comment has been minimized.

Sign in to view
Copy link
Contributor

darthCodr commented Feb 13, 2019

Thanks a lot for your help @jgrandja
I did a PR gh-6530

Kindly check. Thanks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment