Skip to content

Add OAuth + RestTemplate support #4920

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
6 tasks
rwinch opened this issue Dec 20, 2017 · 10 comments
Closed
6 tasks

Add OAuth + RestTemplate support #4920

rwinch opened this issue Dec 20, 2017 · 10 comments
Assignees
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue

Comments

@rwinch
Copy link
Member

rwinch commented Dec 20, 2017

Summary

We should provide a simple way to integrate OAuth support with RestTemplate. This support would be similar to the WebClient support, but for RestTemplate.

The WebClient extension for Servlet-based applications is ServletOAuth2AuthorizedClientExchangeFilterFunction.

See the sample oauth2webclient and how to configure and use it.

There are a few tasks involved in order to reach feature parity between ServletOAuth2AuthorizedClientExchangeFilterFunction and RestTemplate support. Here is a break-down of the tasks involved.

  • User should be able to set the current client using either an OAuth2AuthorizedClient or clientRegistrationId
  • Each request should contain the Authorization header with Bearer <access-token> for the current OAuth2AuthorizedClient
  • Get a new access token if it's not available for the current clientRegistrationId
  • Refresh an expired access token - applicable to authorization_code grant clients
  • Get a new access token when current token expired - applicable to client_credentials grant clients
  • Add clock skew support for access token expiry time
@rwinch rwinch added New Feature in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Dec 20, 2017
@rwinch rwinch added this to the 5.1.0.RC1 milestone Dec 20, 2017
@jgrandja jgrandja modified the milestones: 5.1.0.RC1, 5.1.0.M1 Dec 22, 2017
@jgrandja jgrandja modified the milestones: 5.1.0.M1, 5.1.0.M2 Mar 16, 2018
@jgrandja jgrandja removed this from the 5.1.0.M2 milestone May 26, 2018
@jgrandja
Copy link
Contributor

Partial support for RestTemplate has been added in 5.1.
See Token Request/Response and UserInfo Request/Response.

@rwinch
Copy link
Member Author

rwinch commented Nov 21, 2018

This ticket is to track support of RestTempalte supporting something similar to WebClient. I have reopened this and updated the description to make that more clear

@rwinch rwinch reopened this Nov 21, 2018
@jgrandja jgrandja self-assigned this Jan 16, 2019
@jgrandja jgrandja added this to the 5.2.x milestone Jan 16, 2019
@jgrandja jgrandja removed this from the 5.2.x milestone Apr 23, 2019
@jgrandja jgrandja removed their assignment Apr 23, 2019
@rwinch rwinch added type: enhancement A general enhancement and removed New Feature labels May 3, 2019
@jgrandja jgrandja modified the milestone: 5.4.x Mar 11, 2020
@L7R7
Copy link

L7R7 commented Jul 14, 2020

@jgrandja @rwinch I was pointed to this issue while looking for a way to implement an OAuth2 client using the client credentials flow in combination with RestTemplate. I'm curious if this might be something I could contribute to. What do you think could be possible concrete steps?

@jgrandja
Copy link
Contributor

jgrandja commented Jul 16, 2020

@L7R7 Thanks for your interest. It would be great if you can help here.

The one main thing that needs to get ironed out before we put too much effort here is the fact that RestTemplate does not support request-level attributes like the way that WebClient via ExchangeFilterFunction and ClientRequest.attributes() does.

The ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId() allows the "current clientRegistrationId" to be set for the next request, which is the same type of functionality we would need for RestTemplate support. However, this is not possible via RestTemplate and the ClientHttpRequestInterceptor that would house this feature. Maybe there is another way? If you would like to spend some time here and see if there is another solution that would be great. The one thing we want to avoid is creating a new instance of ClientHttpRequestInterceptor per-request. We want to leverage the one instance of ClientHttpRequestInterceptor but it needs to know how to resolve the "current clientRegistrationId".

@L7R7
Copy link

L7R7 commented Jul 17, 2020

Ok, I think I got the problem. I'm not familiar with the internals of RestTemplate nand ClientHttpRequestInterceptor, so I will have to dig through the code and see what I can come up with.

@alexcrownus
Copy link

Is there still a plan to implement this or the focus would now be on the new RestClient in Spring 6.1? @jgrandja

@jgrandja
Copy link
Contributor

@alexcrownus We would likely focus on the new RestClient, however, this issue is still lower priority as there are other features that are higher priority.

@rasifix
Copy link

rasifix commented Nov 24, 2023

@jgrandja now that RestClient is available, what is the status of this? are there plans to support this now? This would be super useful for us as there are quirks (related to reactive nature) when using WebClients which we could avoid.

@jgrandja
Copy link
Contributor

Closing in favour of gh-13588

@jgrandja jgrandja added status: duplicate A duplicate of another issue and removed type: enhancement A general enhancement labels Nov 24, 2023
@jgrandja jgrandja self-assigned this Nov 24, 2023
@jgrandja
Copy link
Contributor

jgrandja commented Nov 24, 2023

@rasifix gh-13588 supersedes this issue so I closed this. As far as status goes, quite honestly, there are a few higher priority items at the moment so I don't have a timeline on when this will be scheduled for a release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue
Projects
None yet
Development

No branches or pull requests

5 participants