Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow OAuth2ClientSpec to get ReactiveOAuth2AccessTokenResponseClient from Spring IoC #11097

Closed
NotFound403 opened this issue Apr 12, 2022 · 6 comments
Closed

Allow OAuth2ClientSpec to get ReactiveOAuth2AccessTokenResponseClient from Spring IoC #11097

NotFound403 opened this issue Apr 12, 2022 · 6 comments
Assignees
@sjohnr
Labels
in: config An issue in spring-security-config in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone
6.4.0-RC1

Comments

@NotFound403
Copy link

NotFound403 commented Apr 12, 2022
edited
Loading

Expected Behavior

Just like OAuth2LoginSpec, OAuth2ClientSpec should get ReactiveOAuth2AccessTokenResponseClient from Spring IoC :

  		/**
		 * Gets the {@link ReactiveAuthenticationManager} to use. First tries an explicitly configured manager, and
		 * defaults to {@link OAuth2AuthorizationCodeReactiveAuthenticationManager}
		 *
		 * @return the {@link ReactiveAuthenticationManager} to use
		 */
		private ReactiveAuthenticationManager getAuthenticationManager() {
			if (this.authenticationManager == null) {
				this.authenticationManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(getAccessTokenResponseClient());
			}
			return this.authenticationManager;
		}

		private ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> getAccessTokenResponseClient() {
			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2AccessTokenResponseClient.class, OAuth2AuthorizationCodeGrantRequest.class);
			ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> bean = getBeanOrNull(type);
			if (bean == null) {
				return new WebClientReactiveAuthorizationCodeTokenResponseClient();
			}
			return bean;
		}

Current Behavior

Current mechanism :

		private ReactiveAuthenticationManager getAuthenticationManager() {
			if (this.authenticationManager == null) {
				this.authenticationManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(new WebClientReactiveAuthorizationCodeTokenResponseClient());
			}
			return this.authenticationManager;
		}

Context
I consider that,ReactiveOAuth2AccessTokenResponseClient in Spring IoC is the default one 、the global one. This facilitates consistent behavior,if not I need like the following :

    @Bean
    @ConditionalOnMissingBean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.authorizeExchange().anyExchange().authenticated();
        http.oauth2Login();
        http.oauth2Client().authenticationManager(new OAuth2AuthorizationCodeReactiveAuthenticationManager(oAuth2AccessTokenResponseClient()));
        return http.build();
    }

    @Bean
    public ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> oAuth2AccessTokenResponseClient() {
    // ignore
    }

It looks not good.
@NotFound403 NotFound403 added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Apr 12, 2022
@eleftherias eleftherias self-assigned this Apr 14, 2022
@sjohnr
Copy link
Member

sjohnr commented May 19, 2022

Hi @NotFound403. I'm going through a few unanswered issues and saw this one.

It looks not good.

Can you explain what you mean here? For example, do you mean that there's a workaround but it is inconvenient or difficult? Or do you mean something you're trying to achieve is impossible?

@sjohnr sjohnr assigned sjohnr and unassigned eleftherias May 19, 2022
@sjohnr sjohnr added in: config An issue in spring-security-config in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: waiting-for-feedback We need additional information before we can continue and removed status: waiting-for-triage An issue we've not yet triaged labels May 19, 2022
@spring-projects-issues
Copy link

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

@spring-projects-issues spring-projects-issues added the status: feedback-reminder We've sent a reminder that we need additional information before we can continue label Jun 2, 2022
@sjohnr sjohnr removed status: waiting-for-feedback We need additional information before we can continue status: feedback-reminder We've sent a reminder that we need additional information before we can continue labels Jun 3, 2022
@sjohnr
Copy link
Member

sjohnr commented Jun 3, 2022

@NotFound403 did you happen to see the above comment?

@NotFound403
Copy link
Author

ReactiveOAuth2AccessTokenResponseClient could customize and have the global default one in Spring IoC

@sjohnr
Copy link
Member

sjohnr commented Jun 6, 2022

Thanks @NotFound403. I think you're just requesting a general enhancement (nice-to-have) to make OAuth2ClientSpec consistent with OAuth2LoginSpec in the way it obtains a ReactiveOAuth2AccessTokenResponseClient for creating the default OAuth2AuthorizationCodeReactiveAuthenticationManager. Let me know if you think there's anything I've missed.

@NotFound403
Copy link
Author

NotFound403 commented Jun 7, 2022
edited
Loading

Thanks @NotFound403. I think you're just requesting a general enhancement (nice-to-have) to make OAuth2ClientSpec consistent with OAuth2LoginSpec in the way it obtains a ReactiveOAuth2AccessTokenResponseClient for creating the default OAuth2AuthorizationCodeReactiveAuthenticationManager. Let me know if you think there's anything I've missed.

yes, keep them consistent

@sjohnr sjohnr removed their assignment Jun 10, 2022
@sjohnr sjohnr self-assigned this Jun 24, 2024
@sjohnr sjohnr added this to the 6.4.x milestone Jun 24, 2024
@sjohnr sjohnr moved this to Planning in Spring Security Team Jun 24, 2024
@sjohnr sjohnr mentioned this issue Jun 24, 2024
Open
9 tasks
@sjohnr sjohnr moved this from Planning to Prioritized in Spring Security Team Sep 23, 2024
@sjohnr sjohnr closed this as completed in cd7f6e0 Sep 23, 2024
@sjohnr sjohnr modified the milestones: 6.4.x, 6.4.0-RC1 Sep 23, 2024
@sjohnr sjohnr moved this from Prioritized to Done in Spring Security Team Sep 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sjohnr sjohnr

Labels
in: config An issue in spring-security-config in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
Spring Security Team
Status: Done
Milestone
6.4.0-RC1
Development

No branches or pull requests
4 participants
@sjohnr @eleftherias @spring-projects-issues @NotFound403