diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc
index 4c27690898..529a2fcb78 100644
--- a/docs/modules/ROOT/nav.adoc
+++ b/docs/modules/ROOT/nav.adoc
@@ -93,9 +93,9 @@
 ** Authorization
 *** xref:reactive/authorization/method.adoc[EnableReactiveMethodSecurity]
 ** xref:reactive/oauth2/index.adoc[OAuth2]
-*** xref:reactive/oauth2/login.adoc[OAuth 2.0 Login]
+*** xref:reactive/oauth2/login.adoc[OAuth2 Log In]
 *** xref:reactive/oauth2/oauth2-client.adoc[OAuth2 Client]
-*** xref:reactive/oauth2/resource-server.adoc[OAuth 2.0 Resource Server]
+*** xref:reactive/oauth2/resource-server.adoc[OAuth2 Resource Server]
 *** xref:reactive/registered-oauth2-authorized-client.adoc[@RegisteredOAuth2AuthorizedClient]
 ** xref:reactive/exploits/index.adoc[Protection Against Exploits]
 *** xref:reactive/exploits/csrf.adoc[CSRF]
diff --git a/docs/modules/ROOT/pages/reactive/oauth2/index.adoc b/docs/modules/ROOT/pages/reactive/oauth2/index.adoc
index f76bd6c141..6b47bd0412 100644
--- a/docs/modules/ROOT/pages/reactive/oauth2/index.adoc
+++ b/docs/modules/ROOT/pages/reactive/oauth2/index.adoc
@@ -3,6 +3,6 @@
 Spring Security provides OAuth2 and WebFlux integration for reactive applications.
-* xref:reactive/oauth2/login.adoc[OAuth 2.0 Login] - Authenticating with OAuth 2.0
-* xref:reactive/oauth2/oauth2-client.adoc[OAuth2 Client] - Making requests to an OAuth2 Resource Server as an OAuth2 Client
-* xref:reactive/oauth2/resource-server.adoc[OAuth 2.0 Resource Server] - protecting a REST endpoint using OAuth 2.0
+* xref:reactive/oauth2/login.adoc[OAuth2 Log In] - Authenticating with an OAuth2 or OpenID Connect 1.0 Provider
+* xref:reactive/oauth2/oauth2-client.adoc[OAuth2 Client] - Making requests to an OAuth2 Resource Server
+* xref:reactive/oauth2/resource-server.adoc[OAuth2 Resource Server] - Protecting a REST endpoint using OAuth2
diff --git a/docs/modules/ROOT/pages/reactive/oauth2/oauth2-client.adoc b/docs/modules/ROOT/pages/reactive/oauth2/oauth2-client.adoc
index 5146f01183..a44e3312b3 100644
--- a/docs/modules/ROOT/pages/reactive/oauth2/oauth2-client.adoc
+++ b/docs/modules/ROOT/pages/reactive/oauth2/oauth2-client.adoc
@@ -426,7 +426,7 @@ fun authorizedClientManager(
 ----
 ====
-When an authorization attempt succeeds, the `DefaultReactiveOAuth2AuthorizedClientManager` will delegate to the `ReactiveOAuth2AuthorizationSuccessHandler`, which (by default) will save the `OAuth2AuthorizedClient` via the `ReactiveOAuth2AuthorizedClientProvider`.
+When an authorization attempt succeeds, the `DefaultReactiveOAuth2AuthorizedClientManager` will delegate to the `ReactiveOAuth2AuthorizationSuccessHandler`, which (by default) will save the `OAuth2AuthorizedClient` via the `ServerOAuth2AuthorizedClientRepository`.
 In the case of a re-authorization failure, eg. a refresh token is no longer valid, the previously saved `OAuth2AuthorizedClient` will be removed from the `ServerOAuth2AuthorizedClientRepository` via the `RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler`.
 The default behaviour may be customized via `setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler)` and `setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler)`.
@@ -853,7 +853,7 @@ public class OAuth2ClientSecurityConfig {
 [source,kotlin,role="secondary"]
 ----
 @EnableWebFluxSecurity
-class OAuth2ClientSecurityConfig : WebSecurityConfigurerAdapter() {
+class OAuth2ClientSecurityConfig {
 @Bean
 fun securityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
@@ -940,14 +940,14 @@ class OAuth2ClientSecurityConfig {
 fun securityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
 http {
 oauth2Client {
- authenticationManager = authorizationGrantAuthenticationManager()
+ authenticationManager = authorizationCodeAuthenticationManager()
 }
 }
 return http.build()
 }
- private fun authorizationGrantAuthenticationManager(): ReactiveAuthenticationManager {
+ private fun authorizationCodeAuthenticationManager(): ReactiveAuthenticationManager {
 val accessTokenResponseClient = WebClientReactiveAuthorizationCodeTokenResponseClient()
 ...
@@ -1780,7 +1780,7 @@ spring:
 ...
 ----
-The following example shows how to configure `DefaultClientCredentialsTokenResponseClient`:
+The following example shows how to configure `WebClientReactiveClientCredentialsTokenResponseClient`:
 ====
 .Java
@@ -1798,8 +1798,8 @@ Function jwkResolver = (clientRegistration) -> {
 return null;
 };
-WebClientReactiveAuthorizationCodeTokenResponseClient tokenResponseClient =
- new WebClientReactiveAuthorizationCodeTokenResponseClient();
+WebClientReactiveClientCredentialsTokenResponseClient tokenResponseClient =
+ new WebClientReactiveClientCredentialsTokenResponseClient();
 tokenResponseClient.addParametersConverter(
 new NimbusJwtClientAuthenticationParametersConverter<>(jwkResolver));
 ----
@@ -1820,7 +1820,7 @@ val jwkResolver = Function { clientRegistration: Clien
 null
 }
-val tokenResponseClient = WebClientReactiveAuthorizationCodeTokenResponseClient()
+val tokenResponseClient = WebClientReactiveClientCredentialsTokenResponseClient()
 tokenResponseClient.addParametersConverter(
 NimbusJwtClientAuthenticationParametersConverter(jwkResolver)
 )
@@ -1869,7 +1869,7 @@ class OAuth2ClientController {
 ----
 ====
-The `@RegisteredOAuth2AuthorizedClient` annotation is handled by `OAuth2AuthorizedClientArgumentResolver`, which directly uses an <> and therefore inherits it's capabilities.
+The `@RegisteredOAuth2AuthorizedClient` annotation is handled by `OAuth2AuthorizedClientArgumentResolver`, which directly uses a <> and therefore inherits it's capabilities.
 [[oauth2Client-webclient-webflux]]
@@ -1926,7 +1926,7 @@ The following code shows how to set an `OAuth2AuthorizedClient` as a request att
 [source,java,role="primary"]
 ----
 @GetMapping("/")
-public Mono index(@RegisteredOAuth2AuthorizedClient("test-client") OAuth2AuthorizedClient authorizedClient) {
+public Mono index(@RegisteredOAuth2AuthorizedClient("okta") OAuth2AuthorizedClient authorizedClient) {
 String resourceUri = ...
 return webClient