@ -491,7 +491,7 @@ With the above configuration, the application now supports two additional endpoi
@@ -491,7 +491,7 @@ With the above configuration, the application now supports two additional endpoi
====
The presence of the `openid` scope in the above configuration indicates that OpenID Connect 1.0 should be used.
This instructs Spring Security to use OIDC-specific components (such as `OidcUserService`) during request processing.
Without this scope, Spring Security will use OAuth2-specific components (such as `OAuth2UserService`) instead.
Without this scope, Spring Security will use OAuth2-specific components (such as `DefaultOAuth2UserService`) instead.
====
[[oauth2-client-access-protected-resources]]
@ -708,7 +708,7 @@ class MessagesController(private val webClient: WebClient) {
@@ -708,7 +708,7 @@ class MessagesController(private val webClient: WebClient) {
@ -933,7 +933,7 @@ class MessagesController(private val webClient: WebClient) {
@@ -933,7 +933,7 @@ class MessagesController(private val webClient: WebClient) {
return webClient.get()
.uri("http://localhost:8090/messages")
.retrieve()
.toEntityList(Message::class.java)
.toEntityList<Message>()
.block()!!
}
@ -953,7 +953,7 @@ This is because it can be derived from the currently logged in user.
@@ -953,7 +953,7 @@ This is because it can be derived from the currently logged in user.
=== Enable an Extension Grant Type
A common use case involves enabling and/or configuring an extension grant type.
For example, Spring Security provides support for the `jwt-bearer` grant type, but does not enable it by default because it is not part of the core OAuth 2.0 specification.
For example, Spring Security provides support for the `jwt-bearer` and `token-exchange` grant types, but does not enable them by default because they are not part of the core OAuth 2.0 specification.
With Spring Security 6.2 and later, we can simply publish a bean for one or more `OAuth2AuthorizedClientProvider` and they will be picked up automatically.
The following example simply enables the `jwt-bearer` grant type:
@ -1356,12 +1356,18 @@ Spring Security automatically resolves the following generic types of `OAuth2Acc
@@ -1356,12 +1356,18 @@ Spring Security automatically resolves the following generic types of `OAuth2Acc
* `OAuth2ClientCredentialsGrantRequest` (see `DefaultClientCredentialsTokenResponseClient`)
* `OAuth2PasswordGrantRequest` (see `DefaultPasswordTokenResponseClient`)
* `JwtBearerGrantRequest` (see `DefaultJwtBearerTokenResponseClient`)
* `TokenExchangeGrantRequest` (see `DefaultTokenExchangeTokenResponseClient`)
[TIP]
====
Publishing a bean of type `OAuth2AccessTokenResponseClient<JwtBearerGrantRequest>` will automatically enable the `jwt-bearer` grant type without the need to <<oauth2-client-enable-extension-grant-type,configure it separately>>.
====
[TIP]
====
Publishing a bean of type `OAuth2AccessTokenResponseClient<TokenExchangeGrantRequest>` will automatically enable the `token-exchange` grant type without the need to <<oauth2-client-enable-extension-grant-type,configure it separately>>.
====
[[oauth2-client-customize-rest-operations]]
=== Customize the `RestOperations` used by OAuth2 Client Components
@ -1427,6 +1433,15 @@ public class SecurityConfig {
@@ -1427,6 +1433,15 @@ public class SecurityConfig {
return accessTokenResponseClient;
}
@Bean
public OAuth2AccessTokenResponseClient<TokenExchangeGrantRequest> tokenExchangeAccessTokenResponseClient() {
Steve Riesenberg
2 years ago