diff --git a/docs/manual/src/docs/asciidoc/_includes/reactive/index.adoc b/docs/manual/src/docs/asciidoc/_includes/reactive/index.adoc index 1044149999..a5bbcda545 100644 --- a/docs/manual/src/docs/asciidoc/_includes/reactive/index.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/reactive/index.adoc @@ -4,6 +4,8 @@ include::webflux.adoc[leveloffset=+1] include::oauth2/index.adoc[leveloffset=+1] +include::registered-oauth2-authorized-client.adoc[leveloffset=+1] + include::webclient.adoc[leveloffset=+1] include::method.adoc[leveloffset=+1] diff --git a/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/access-token.adoc b/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/access-token.adoc index 5f9281bd66..79456b9284 100644 --- a/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/access-token.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/access-token.adoc @@ -1,4 +1,5 @@ -= Access Token +[[webflux-oauth2-client]] += OAuth2 Client Spring Security's OAuth Support allows obtaining an access token without authenticating. A basic configuration with Spring Boot can be seen below: @@ -31,4 +32,4 @@ SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception { } ---- -You can now leverage Spring Security's <> support to obtain and use the access token. +You can now leverage Spring Security's <> or <> support to obtain and use the access token. diff --git a/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/index.adoc b/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/index.adoc index 047a1e4eb7..3fd2fadf70 100644 --- a/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/index.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/index.adoc @@ -2,6 +2,6 @@ Spring Security provides OAuth2 and WebFlux integration for reactive applications. -include::login.adoc[leveloffset+=1] +include::login.adoc[leveloffset=+1] -include::access-token.adoc[leveloffset+=1] +include::access-token.adoc[leveloffset=+1] diff --git a/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/login.adoc b/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/login.adoc index 65434a5bc1..9d6ff174f1 100644 --- a/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/login.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/reactive/oauth2/login.adoc @@ -34,7 +34,7 @@ After completing the "Obtain OAuth 2.0 credentials" instructions, you should hav [[webflux-oauth2-login-sample-redirect]] === Setting the redirect URI -The redirect URI is the path in the application that the end-user's user-agent is redirected back to after they have authenticated with Google and have granted access to the OAuth Client _(<>)_ on the Consent page. +The redirect URI is the path in the application that the end-user's user-agent is redirected back to after they have authenticated with Google and have granted access to the OAuth Client _(<>)_ on the Consent page. In the "Set a redirect URI" sub-section, ensure that the *Authorized redirect URIs* field is set to `http://localhost:8080/login/oauth2/code/google`. diff --git a/docs/manual/src/docs/asciidoc/_includes/reactive/registered-oauth2-authorized-client.adoc b/docs/manual/src/docs/asciidoc/_includes/reactive/registered-oauth2-authorized-client.adoc new file mode 100644 index 0000000000..94833a20de --- /dev/null +++ b/docs/manual/src/docs/asciidoc/_includes/reactive/registered-oauth2-authorized-client.adoc @@ -0,0 +1,39 @@ +[[webflux-roac]] += @RegisteredOAuth2AuthorizedClient + +Spring Security allows resolving an access token using `@RegisteredOAuth2AuthorizedClient`. + +[[NOTE]] +==== +A working example can be found in {gh-samples-url}/boot/oauth2webclient-webflux[*OAuth 2.0 WebClient WebFlux sample*]. +==== + +After configuring Spring Security for <> or as an <>, an `OAuth2AuthorizedClient` can be resolved using the following: + +[source,java] +---- +@GetMapping("/explicit") +Mono explicit(@RegisteredOAuth2AuthorizedClient("client-id") OAuth2AuthorizedClient authorizedClient) { + // ... +} +---- + +This integrates into Spring Security to provide the following features: + +* Spring Security will automatically refresh expired tokens (if a refresh token is present) +* If an access token is requested and not present, Spring Security will automatically request the access token. +** For `authorization_code` this involves performing the redirect and then replaying the original request +** For `client_credentials` the token is simply requested and saved + +If the user authenticated using `oauth2Login()`, then the `client-id` is optional. +For example, the following would work: + +[source,java] +---- +@GetMapping("/implicit") +Mono implicit(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) { + // ... +} +---- + +This is convenient if the user always authenticates with OAuth2 Login and an access token from the same authorization server is needed.