spring-security/samples/boot/oauth2webclient/README.adoc

= OAuth 2.0 WebClient (Servlet) Sample

== GitHub Repositories

This guide provides instructions on setting up the sample application, which leverages WebClient OAuth2 integration to display a list of public GitHub repositories that are accessible to the authenticated user.

This includes repositories owned by the authenticated user, repositories where the authenticated user is a collaborator, and repositories that the authenticated user has access to through an organization membership.

The following sections provide detailed steps for setting up the sample and covers the following topics:

* <<github-register-application,Register OAuth application>>
* <<github-application-config,Configure application.yml>>
* <<github-boot-application,Boot up the application>>

[[github-register-application]]
=== Register OAuth application

To use GitHub's OAuth 2.0 authorization system, you must https://github.com/settings/applications/new[Register a new OAuth application].

When registering the OAuth application, ensure the *Authorization callback URL* is set to `http://localhost:8080/login/oauth2/code/client-id`.

The Authorization callback URL (redirect URI) is the path in the application that the end-user's user-agent is redirected back to after they have authenticated with GitHub and have granted access to the OAuth application on the _Authorize application_ page.

[[github-application-config]]
=== Configure application.yml

Now that you have a new OAuth application with GitHub, you need to configure the sample to use the OAuth application for the _authorization code grant flow_.
To do so:

. Go to `application.yml` and set the following configuration:
+
[source,yaml]
----
spring:
  security:
    oauth2:
      client:
        registration:	<1>
          client-id:       <2>
            client-id: replace-with-client-id
            client-secret: replace-with-client-secret
            provider: github
            scope: read:user,public_repo
----
+
.OAuth Client properties
====
<1> `spring.security.oauth2.client.registration` is the base property prefix for OAuth Client properties.
<2> Following the base property prefix is the ID for the `ClientRegistration`, which is github.
====

. Replace the values in the `client-id` and `client-secret` property with the OAuth 2.0 credentials you created earlier.

[[github-boot-application]]
=== Boot up the application

Launch the Spring Boot 2.0 sample and go to `http://localhost:8080`.
You are then redirected to the default _auto-generated_ form login page.
Log in using *'user'* (username) and *'password'* (password) or click the link to authenticate with GitHub and then you'll be redirected to GitHub for authentication.

After authenticating with your GitHub credentials, the next page presented to you is "Authorize application".
This page will ask you to *Authorize* the application you created in the previous step.
Click _Authorize application_ to allow the OAuth application to access and display your public repository information.
authcodegrant samples->oauth2webclient samples The authcodegrant samples were initially meant to be very simple demonstration of authorization code flow. However, it has become obvious since then that the real intent of the demo is how to use the WebClient with OAuth (there is no other reason to do authorization code flow unless you use the token to make a request). The samples have been migrated to oauth2webclient and oauth2webclient-webflux respectively. They have been improved: * The sample demonstrates usage with annotations, webclient directly, form login oauth2Login, and public APIs * The samples externalize the endpoint that is requested in the sample making it easier to try other endpoints * The UI no longer relies on a data structure for the result of the endpoint also making it easier to try other endpoints Issue: gh-4921 2018-09-06 16:10:31 -04:00			`= OAuth 2.0 WebClient (Servlet) Sample`
Add authcodegrant-webflux sample Issue: gh-5620 2018-08-01 13:44:19 -04:00
			`== GitHub Repositories`

authcodegrant samples->oauth2webclient samples The authcodegrant samples were initially meant to be very simple demonstration of authorization code flow. However, it has become obvious since then that the real intent of the demo is how to use the WebClient with OAuth (there is no other reason to do authorization code flow unless you use the token to make a request). The samples have been migrated to oauth2webclient and oauth2webclient-webflux respectively. They have been improved: * The sample demonstrates usage with annotations, webclient directly, form login oauth2Login, and public APIs * The samples externalize the endpoint that is requested in the sample making it easier to try other endpoints * The UI no longer relies on a data structure for the result of the endpoint also making it easier to try other endpoints Issue: gh-4921 2018-09-06 16:10:31 -04:00			`This guide provides instructions on setting up the sample application, which leverages WebClient OAuth2 integration to display a list of public GitHub repositories that are accessible to the authenticated user.`
Add authcodegrant-webflux sample Issue: gh-5620 2018-08-01 13:44:19 -04:00
			`This includes repositories owned by the authenticated user, repositories where the authenticated user is a collaborator, and repositories that the authenticated user has access to through an organization membership.`

			`The following sections provide detailed steps for setting up the sample and covers the following topics:`

			`* <<github-register-application,Register OAuth application>>`
			`* <<github-application-config,Configure application.yml>>`
			`* <<github-boot-application,Boot up the application>>`

			`[[github-register-application]]`
			`=== Register OAuth application`

			`To use GitHub's OAuth 2.0 authorization system, you must https://github.com/settings/applications/new[Register a new OAuth application].`

authcodegrant samples->oauth2webclient samples The authcodegrant samples were initially meant to be very simple demonstration of authorization code flow. However, it has become obvious since then that the real intent of the demo is how to use the WebClient with OAuth (there is no other reason to do authorization code flow unless you use the token to make a request). The samples have been migrated to oauth2webclient and oauth2webclient-webflux respectively. They have been improved: * The sample demonstrates usage with annotations, webclient directly, form login oauth2Login, and public APIs * The samples externalize the endpoint that is requested in the sample making it easier to try other endpoints * The UI no longer relies on a data structure for the result of the endpoint also making it easier to try other endpoints Issue: gh-4921 2018-09-06 16:10:31 -04:00			When registering the OAuth application, ensure the Authorization callback URL is set to `http://localhost:8080/login/oauth2/code/client-id`.
Add authcodegrant-webflux sample Issue: gh-5620 2018-08-01 13:44:19 -04:00
			`The Authorization callback URL (redirect URI) is the path in the application that the end-user's user-agent is redirected back to after they have authenticated with GitHub and have granted access to the OAuth application on the _Authorize application_ page.`

			`[[github-application-config]]`
			`=== Configure application.yml`

			`Now that you have a new OAuth application with GitHub, you need to configure the sample to use the OAuth application for the _authorization code grant flow_.`
			`To do so:`

			. Go to `application.yml` and set the following configuration:
			`+`
			`[source,yaml]`
			`----`
			`spring:`
			`security:`
			`oauth2:`
			`client:`
			`registration: <1>`
authcodegrant samples->oauth2webclient samples The authcodegrant samples were initially meant to be very simple demonstration of authorization code flow. However, it has become obvious since then that the real intent of the demo is how to use the WebClient with OAuth (there is no other reason to do authorization code flow unless you use the token to make a request). The samples have been migrated to oauth2webclient and oauth2webclient-webflux respectively. They have been improved: * The sample demonstrates usage with annotations, webclient directly, form login oauth2Login, and public APIs * The samples externalize the endpoint that is requested in the sample making it easier to try other endpoints * The UI no longer relies on a data structure for the result of the endpoint also making it easier to try other endpoints Issue: gh-4921 2018-09-06 16:10:31 -04:00			`client-id: <2>`
			`client-id: replace-with-client-id`
			`client-secret: replace-with-client-secret`
			`provider: github`
Client OAuth2 properties to use scope not scopes OAuth2ClientProperties.Registration (which captures .properties and .yml for OAuth2 Client) has a member `scope` but not `scopes`. Samples and documentation were using `scopes` and have now been updated to use `scope`. Fixes gh-6510 2019-02-08 08:41:03 -05:00			`scope: read:user,public_repo`
Add authcodegrant-webflux sample Issue: gh-5620 2018-08-01 13:44:19 -04:00			`----`
			`+`
			`.OAuth Client properties`
			`====`
			<1> `spring.security.oauth2.client.registration` is the base property prefix for OAuth Client properties.
			<2> Following the base property prefix is the ID for the `ClientRegistration`, which is github.
			`====`

			. Replace the values in the `client-id` and `client-secret` property with the OAuth 2.0 credentials you created earlier.

			`[[github-boot-application]]`
			`=== Boot up the application`

			Launch the Spring Boot 2.0 sample and go to `http://localhost:8080`.
			`You are then redirected to the default _auto-generated_ form login page.`
authcodegrant samples->oauth2webclient samples The authcodegrant samples were initially meant to be very simple demonstration of authorization code flow. However, it has become obvious since then that the real intent of the demo is how to use the WebClient with OAuth (there is no other reason to do authorization code flow unless you use the token to make a request). The samples have been migrated to oauth2webclient and oauth2webclient-webflux respectively. They have been improved: * The sample demonstrates usage with annotations, webclient directly, form login oauth2Login, and public APIs * The samples externalize the endpoint that is requested in the sample making it easier to try other endpoints * The UI no longer relies on a data structure for the result of the endpoint also making it easier to try other endpoints Issue: gh-4921 2018-09-06 16:10:31 -04:00			`Log in using 'user' (username) and 'password' (password) or click the link to authenticate with GitHub and then you'll be redirected to GitHub for authentication.`
Add authcodegrant-webflux sample Issue: gh-5620 2018-08-01 13:44:19 -04:00
			`After authenticating with your GitHub credentials, the next page presented to you is "Authorize application".`
			`This page will ask you to Authorize the application you created in the previous step.`
			`Click _Authorize application_ to allow the OAuth application to access and display your public repository information.`