Enable autoconfiguration of OAuth2 machinery in a non-webapp #43978
Labels
type: enhancement
A general enhancement
Milestone
Comments
spring-projects-issues
added
the
status: waiting-for-triage
|
See #40997 for a similar ask just on the client side. |
philwebb
added
type: enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
OAuth2 is useful in messaging and non-servlet, non-webflux apps. A lot of the machinery is not dependent on the web APIs, so it could be exposed as autoconfiguration even when the application context type was not MVC or webflux. E.g. everything in
OAuth2ResourceServerAutoConfigurationand the private classes it imports is useful for receiving and authenticating a token, except for the 2@Beandefinitions that createSecurityFilterChain(which is servlet-specific). The same pattern occurs inOAuth2ClientAutoConfigurationbut there are fewer beans there - only really one that would be useful outside a webapp (theClientRegistrationRepository).Interestingly, I found that as soon as I start adding config properties to
spring.security.oauth2.client.registration.*I get aReactiveClientRegistrationRepository, but not a vanilla blockingClientRegistrationRepository. It was added for me becauseFluxwas on the classpath, even though I didn't want or need it. That's probably a bug.The text was updated successfully, but these errors were encountered: