GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Spring Security
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9703 Commits
61 Branches
369 Tags
120 MiB
 
 
 
 
Tree: 1f90df6a14
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1f90df6a14'
${ noResults }
spring-security/docs/modules/ROOT/pages/reactive/registered-oauth2-authorize...

63 lines
2.0 KiB
Raw Blame History

[[webflux-roac]]
= @RegisteredOAuth2AuthorizedClient
Spring Security allows resolving an access token using `@RegisteredOAuth2AuthorizedClient`.
[NOTE]
====
A working example can be found in {gh-samples-url}/reactive/webflux/java/oauth2/webclient[*OAuth 2.0 WebClient WebFlux sample*].
====
After configuring Spring Security for xref:reactive/oauth2/login.adoc#webflux-oauth2-login[OAuth2 Login] or as an xref:reactive/oauth2/access-token.adoc#webflux-oauth2-client[OAuth2 Client], an `OAuth2AuthorizedClient` can be resolved using the following:
====
.Java
[source,java,role="primary"]
----
@GetMapping("/explicit")
Mono<String> explicit(@RegisteredOAuth2AuthorizedClient("client-id") OAuth2AuthorizedClient authorizedClient) {
// ...
}
----
.Kotlin
[source,kotlin,role="secondary"]
----
@GetMapping("/explicit")
fun explicit(@RegisteredOAuth2AuthorizedClient("client-id") authorizedClient: OAuth2AuthorizedClient?): Mono<String> {
// ...
}
----
====
This integrates into Spring Security to provide the following features:
* Spring Security will automatically refresh expired tokens (if a refresh token is present)
* If an access token is requested and not present, Spring Security will automatically request the access token.
** For `authorization_code` this involves performing the redirect and then replaying the original request
** For `client_credentials` the token is simply requested and saved
If the user authenticated using `oauth2Login()`, then the `client-id` is optional.
For example, the following would work:
====
.Java
[source,java,role="primary"]
----
@GetMapping("/implicit")
Mono<String> implicit(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
// ...
}
----
.Kotlin
[source,kotlin,role="secondary"]
----
@GetMapping("/implicit")
fun implicit(@RegisteredOAuth2AuthorizedClient authorizedClient: OAuth2AuthorizedClient?): Mono<String> {
// ...
}
----
====
This is convenient if the user always authenticates with OAuth2 Login and an access token from the same authorization server is needed.