2018-09-18 10:24:09 -05:00
|
|
|
[[webflux-oauth2-client]]
|
|
|
|
|
= OAuth2 Client
|
2018-09-18 09:55:49 -05:00
|
|
|
|
|
|
|
|
Spring Security's OAuth Support allows obtaining an access token without authenticating.
|
|
|
|
|
A basic configuration with Spring Boot can be seen below:
|
|
|
|
|
|
|
|
|
|
[source,yml]
|
|
|
|
|
----
|
|
|
|
|
spring:
|
|
|
|
|
security:
|
|
|
|
|
oauth2:
|
|
|
|
|
client:
|
|
|
|
|
registration:
|
|
|
|
|
github:
|
|
|
|
|
client-id: replace-with-client-id
|
|
|
|
|
client-secret: replace-with-client-secret
|
2019-02-08 08:41:03 -05:00
|
|
|
scope: read:user,public_repo
|
2018-09-18 09:55:49 -05:00
|
|
|
----
|
|
|
|
|
|
|
|
|
|
You will need to replace the `client-id` and `client-secret` with values registered with GitHub.
|
|
|
|
|
|
|
|
|
|
The next step is to instruct Spring Security that you wish to act as an OAuth2 Client so that you can obtain an access token.
|
|
|
|
|
|
2020-07-27 09:34:37 +02:00
|
|
|
.OAuth2 Client
|
|
|
|
|
====
|
|
|
|
|
.Java
|
|
|
|
|
[source,java,role="primary"]
|
2018-09-18 09:55:49 -05:00
|
|
|
----
|
|
|
|
|
@Bean
|
|
|
|
|
SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {
|
|
|
|
|
http
|
|
|
|
|
// ...
|
2019-07-22 09:31:10 -04:00
|
|
|
.oauth2Client(withDefaults());
|
2018-09-18 09:55:49 -05:00
|
|
|
return http.build();
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
2020-07-27 09:34:37 +02:00
|
|
|
|
|
|
|
|
.Kotlin
|
|
|
|
|
[source,kotlin,role="secondary"]
|
|
|
|
|
----
|
|
|
|
|
@Bean
|
|
|
|
|
fun webFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
|
|
|
|
|
return http {
|
|
|
|
|
// ...
|
|
|
|
|
oauth2Client { }
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
====
|
|
|
|
|
|
2018-09-18 10:24:09 -05:00
|
|
|
You can now leverage Spring Security's <<webclient>> or <<webflux-roac,@RegisteredOAuth2AuthorizedClient>> support to obtain and use the access token.
|
