You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
52 lines
1.3 KiB
52 lines
1.3 KiB
[[webflux-oauth2-client]] |
|
= OAuth2 Client |
|
|
|
Spring Security's OAuth Support allows obtaining an access token without authenticating. |
|
A basic configuration with Spring Boot can be seen below: |
|
|
|
[source,yml] |
|
---- |
|
spring: |
|
security: |
|
oauth2: |
|
client: |
|
registration: |
|
github: |
|
client-id: replace-with-client-id |
|
client-secret: replace-with-client-secret |
|
scope: read:user,public_repo |
|
---- |
|
|
|
You will need to replace the `client-id` and `client-secret` with values registered with GitHub. |
|
|
|
The next step is to instruct Spring Security that you wish to act as an OAuth2 Client so that you can obtain an access token. |
|
|
|
.OAuth2 Client |
|
==== |
|
.Java |
|
[source,java,role="primary"] |
|
---- |
|
@Bean |
|
SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception { |
|
http |
|
// ... |
|
.oauth2Client(withDefaults()); |
|
return http.build(); |
|
} |
|
---- |
|
|
|
|
|
.Kotlin |
|
[source,kotlin,role="secondary"] |
|
---- |
|
@Bean |
|
fun webFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain { |
|
return http { |
|
// ... |
|
oauth2Client { } |
|
} |
|
} |
|
---- |
|
==== |
|
|
|
You can now leverage Spring Security's <<webclient>> or xref:reactive/registered-oauth2-authorized-client.adoc#webflux-roac[@RegisteredOAuth2AuthorizedClient] support to obtain and use the access token.
|
|
|