diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/preface/oauth2-client.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/preface/oauth2-client.adoc index 6fb282c858..6eed50e0cb 100644 --- a/docs/manual/src/docs/asciidoc/_includes/servlet/preface/oauth2-client.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/servlet/preface/oauth2-client.adoc @@ -179,8 +179,8 @@ public class OAuth2ClientController { @RequestMapping("/") public String index() { - ClientRegistration googleRegistration = - this.clientRegistrationRepository.findByRegistrationId("google"); + ClientRegistration oktaRegistration = + this.clientRegistrationRepository.findByRegistrationId("okta"); ... 
@@ -207,38 +207,34 @@ Whereas, the primary role of `OAuth2AuthorizedClientService` is to manage `OAuth From a developer perspective, the `OAuth2AuthorizedClientRepository` or `OAuth2AuthorizedClientService` provides the capability to lookup an `OAuth2AccessToken` associated with a client so that it may be used to initiate a protected resource request. -[NOTE] -Spring Boot 2.x auto-configuration registers an `OAuth2AuthorizedClientRepository` and/or `OAuth2AuthorizedClientService` `@Bean` in the `ApplicationContext`. -However, the application may choose to override and register a custom `OAuth2AuthorizedClientRepository` or `OAuth2AuthorizedClientService` `@Bean`. - The following listing shows an example: [source,java] ---- @Controller -public class OAuth2LoginController { +public class OAuth2ClientController { - @Autowired - private OAuth2AuthorizedClientService authorizedClientService; + @Autowired + private OAuth2AuthorizedClientService authorizedClientService; - @RequestMapping("/userinfo") - public String userinfo(OAuth2AuthenticationToken authentication) { - // authentication.getAuthorizedClientRegistrationId() returns the - // registrationId of the Client that was authorized during the oauth2Login() flow - OAuth2AuthorizedClient authorizedClient = - this.authorizedClientService.loadAuthorizedClient( - authentication.getAuthorizedClientRegistrationId(), - authentication.getName()); + @RequestMapping("/") + public String index(Authentication authentication) { + OAuth2AuthorizedClient authorizedClient = + this.authorizedClientService.loadAuthorizedClient("okta", authentication.getName()); - OAuth2AccessToken accessToken = authorizedClient.getAccessToken(); + OAuth2AccessToken accessToken = authorizedClient.getAccessToken(); - ... + ... - return "userinfo"; - } + return "index"; + } } ---- +[NOTE] +Spring Boot 2.x auto-configuration registers an `OAuth2AuthorizedClientRepository` and/or `OAuth2AuthorizedClientService` `@Bean` in the `ApplicationContext`. 
+However, the application may choose to override and register a custom `OAuth2AuthorizedClientRepository` or `OAuth2AuthorizedClientService` `@Bean`. + [[oauth2Client-authorized-manager-provider]] ==== OAuth2AuthorizedClientManager / OAuth2AuthorizedClientProvider @@ -311,6 +307,29 @@ The `OAuth2AuthorizationRequestRedirectFilter` uses an `OAuth2AuthorizationReque The primary role of the `OAuth2AuthorizationRequestResolver` is to resolve an `OAuth2AuthorizationRequest` from the provided web request. The default implementation `DefaultOAuth2AuthorizationRequestResolver` matches on the (default) path `/oauth2/authorization/{registrationId}` extracting the `registrationId` and using it to build the `OAuth2AuthorizationRequest` for the associated `ClientRegistration`. +Given the following Spring Boot 2.x properties for an OAuth 2.0 Client registration: + +[source,yaml] +---- +spring: + security: + oauth2: + client: + registration: + okta: + client-id: okta-client-id + client-secret: okta-client-secret + authorization-grant-type: authorization_code + redirect-uri: "{baseUrl}/authorized/okta" + scope: read, write +---- + +A request with the base path `/oauth2/authorization/okta` will initiate the Authorization Request redirect by the `OAuth2AuthorizationRequestRedirectFilter` and ultimately start the Authorization Code grant flow. + +[NOTE] +The `AuthorizationCodeOAuth2AuthorizedClientProvider` is an implementation of `OAuth2AuthorizedClientProvider` for the Authorization Code grant, +which also initiates the Authorization Request redirect by the `OAuth2AuthorizationRequestRedirectFilter`. + ===== Customizing the Authorization Request 
@@ -471,7 +490,7 @@ Please refer to the https://tools.ietf.org/html/rfc6749#section-4.1.3[Access Tok The primary role of the `OAuth2AccessTokenResponseClient` is to exchange an authorization grant credential for an access token credential at the Authorization Server's Token Endpoint. -The default implementation of `OAuth2AccessTokenResponseClient` for the `authorization_code` grant is `DefaultAuthorizationCodeTokenResponseClient`, which uses a `RestOperations` for exchanging an authorization code for an access token at the Token Endpoint. +The default implementation of `OAuth2AccessTokenResponseClient` for the Authorization Code grant is `DefaultAuthorizationCodeTokenResponseClient`, which uses a `RestOperations` for exchanging an authorization code for an access token at the Token Endpoint. The `DefaultAuthorizationCodeTokenResponseClient` is quite flexible as it allows you to customize the pre-processing of the Token Request and/or post-handling of the Token Response. @@ -543,15 +562,15 @@ This is a convenient alternative compared to looking up the `OAuth2AuthorizedCli [source,java] ---- @Controller -public class OAuth2LoginController { +public class OAuth2ClientController { - @RequestMapping("/userinfo") - public String userinfo(@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient authorizedClient) { + @RequestMapping("/") + public String index(@RegisteredOAuth2AuthorizedClient("okta") OAuth2AuthorizedClient authorizedClient) { OAuth2AccessToken accessToken = authorizedClient.getAccessToken(); ... - return "userinfo"; + return "index"; } } ----
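Review bot: in the `ClientRegistrationRepository` listing (hunk at `@@ -179,8 +179,8 @@`), `findByRegistrationId("okta")` returns null when no registration with that id is configured, and the id is now a hard-coded string rather than something derived from the request; a one-line null check after the call, or a comment stating that the lookup can fail, would keep the example from implying the registration is guaranteed to exist.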
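Review bot: in the `OAuth2AuthorizedClientService` listing (hunk at `@@ -207,38 +207,34 @@`), replacing `authentication.getAuthorizedClientRegistrationId()` with the literal `"okta"` and widening the parameter to `Authentication` drops the guard the old example had: `loadAuthorizedClient` returns null when the principal has not authorized that client, so `authorizedClient.getAccessToken()` throws a NullPointerException for any user who authenticated through a different registration or not through OAuth 2.0 at all. Either keep the lookup keyed on the authorized client's registration id or add a null check before `getAccessToken()` and say in the text what null means. Separately, the `@Autowired` and `private OAuth2AuthorizedClientService authorizedClientService;` lines are removed and re-added with identical content, which indicates an indentation-only change; keeping the original indentation would reduce this hunk to the lines that actually change.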
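Review bot: in the new property example (hunk at `@@ -311,6 +307,29 @@`), the `okta` registration is shown without a matching `spring.security.oauth2.client.provider.okta` entry (issuer-uri or the authorization and token endpoint URIs), so a reader who copies it verbatim has a registration from which no `OAuth2AuthorizationRequest` can be built; either add the provider block or state that the provider is configured elsewhere. Also, "A request with the base path `/oauth2/authorization/okta`" should read "A request to `/oauth2/authorization/okta`", since the resolver matches the request path itself. The NOTE overstates what `AuthorizationCodeOAuth2AuthorizedClientProvider` does: the provider does not redirect, it throws `ClientAuthorizationRequiredException` when the client is not yet authorized, and it is `OAuth2AuthorizationRequestRedirectFilter` that catches that exception and starts the redirect; wording it that way makes the division of responsibility between provider and filter clear. Finally, the custom `redirect-uri: "{baseUrl}/authorized/okta"` deserves a sentence noting that it must match the redirect URI registered with the provider.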
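Review bot: in the `@RegisteredOAuth2AuthorizedClient("okta")` listing (hunk at `@@ -543,15 +562,15 @@`), the context line above calls this a convenient alternative to looking up the `OAuth2AuthorizedClient` yourself, but the two examples now diverge on the unauthorized path: the service-based listing receives a null `authorizedClient`, whereas the argument resolver goes through `OAuth2AuthorizedClientManager` and, for an `authorization_code` registration that is not yet authorized, initiates the authorization flow instead of passing null to the method. A sentence saying that the annotation resolves or initiates authorization would make the "alternative" claim accurate. Also, `OAuth2ClientController` is now the class name of three separate listings on the page (the `ClientRegistrationRepository`, `OAuth2AuthorizedClientService` and `@RegisteredOAuth2AuthorizedClient` examples), each with an `index()` method mapped to `/`; either give the methods distinct names and mappings or say that each listing stands alone.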