| ################################################################################## | |
| ################################################################################## | |
| ######### IF YOU FOUND THIS GIST USEFUL, PLEASE LEAVE A STAR. THANKS. ############ | |
| ################################################################################## | |
| ################################################################################## | |
| spring: | |
| security: | |
| oauth2: | |
| client: | |
| provider: | |
| <provider-name>: | |
| issuer-uri: <issuer-uri implementing OIDC> | |
| registration: | |
| <provider-name>: | |
| client-id: <client-id> | |
| client-secret: <client-secret> | |
| scope: <comma separated scopes> | |
| authorization-grant-type: client_credentials | |
| OR | |
| spring: | |
| security: | |
| oauth2: | |
| client: | |
| provider: | |
| <provider-name>: | |
| token-uri: <token-uri of provider implementing OIDC> | |
| registration: | |
| <provider-name>: | |
| client-id: <client-id> | |
| client-secret: <client-secret> | |
| scope: <comma separated scopes> | |
| authorization-grant-type: client_credentials |
| plugins { | |
| id 'org.springframework.boot' version '2.3.1.RELEASE' | |
| id 'io.spring.dependency-management' version '1.0.9.RELEASE' | |
| id 'java' | |
| } | |
| //Relevant dependencies | |
| dependencies { | |
| implementation 'org.springframework.boot:spring-boot-starter-webflux' | |
| implementation 'org.springframework.boot:spring-boot-starter-oauth2-client' | |
| } |
| webClient.get() | |
| .uri(<protected resource uri which you want to access>) | |
| .attributes(clientRegistrationId(<The Provider name specified under registration in app yaml>)) | |
| .retrieve() | |
| .bodyToMono(String.class) | |
| .map(string | |
| -> "Retrieved using Client Credentials Grant Type: " + string) | |
| .subscribe(LOGGER::info); |
This gist describes the configuration required for Spring reactive WebClient to make a call to an OAuth2 protected resource through OAuth2.0 Client Credentials Grant Type Flow.
Assumption is that the Authorization Server supports OpenId Connect 1.0 specifications.
| @EnableWebFluxSecurity | |
| public class WebSecurityConfiguration { | |
| @Bean | |
| public ReactiveOAuth2AuthorizedClientManager authorizedClientManager( | |
| ReactiveClientRegistrationRepository clientRegistrationRepository, | |
| ReactiveOAuth2AuthorizedClientService authorizedClientService) { | |
| ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = | |
| ReactiveOAuth2AuthorizedClientProviderBuilder.builder() | |
| .clientCredentials() | |
| .build(); | |
| AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager = | |
| new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager( | |
| clientRegistrationRepository, authorizedClientService); | |
| authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider); | |
| return authorizedClientManager; | |
| } | |
| @Bean | |
| public WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) { | |
| ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager); | |
| return WebClient.builder().filter(oauth).build(); | |
| } | |
| @Bean | |
| public SecurityWebFilterChain configure(ServerHttpSecurity http) { | |
| return http | |
| .oauth2Client() | |
| .and() | |
| .build(); | |
| } | |
| } |
Hi do you have an example of Spring Cloud Gateway using the Webflux? I have posted a question here https://stackoverflow.com/questions/67801105/spring-cloud-gateway-with-custom-auth-server-client-credentials-flow-with-webcli
hi , since .oauth2Client() its now actually depracated for Lamabda functions on spring 7 what actually would be the translataion ? or simply would it be obiate it ?
Can someone help me with this. it is redirecting to relative URL /authorization/{provider} without going through actual redirect link