Revamp OAuth 2.0 Client reactive documentation

Related gh-8174
This commit is contained in:
Steve Riesenberg 2021-10-04 11:27:24 -05:00 committed by Steve Riesenberg
parent a487ef2d74
commit 47087ba9c5
6 changed files with 2081 additions and 55 deletions

View File

@ -90,7 +90,7 @@
*** xref:reactive/authorization/method.adoc[EnableReactiveMethodSecurity] *** xref:reactive/authorization/method.adoc[EnableReactiveMethodSecurity]
** xref:reactive/oauth2/index.adoc[OAuth2] ** xref:reactive/oauth2/index.adoc[OAuth2]
*** xref:reactive/oauth2/login.adoc[OAuth 2.0 Login] *** xref:reactive/oauth2/login.adoc[OAuth 2.0 Login]
*** xref:reactive/oauth2/access-token.adoc[OAuth2 Client] *** xref:reactive/oauth2/oauth2-client.adoc[OAuth2 Client]
*** xref:reactive/oauth2/resource-server.adoc[OAuth 2.0 Resource Server] *** xref:reactive/oauth2/resource-server.adoc[OAuth 2.0 Resource Server]
*** xref:reactive/registered-oauth2-authorized-client.adoc[@RegisteredOAuth2AuthorizedClient] *** xref:reactive/registered-oauth2-authorized-client.adoc[@RegisteredOAuth2AuthorizedClient]
** xref:reactive/exploits/index.adoc[Protection Against Exploits] ** xref:reactive/exploits/index.adoc[Protection Against Exploits]

View File

@ -1,52 +0,0 @@
[[webflux-oauth2-client]]
= OAuth2 Client
Spring Security's OAuth Support allows obtaining an access token without authenticating.
A basic configuration with Spring Boot can be seen below:
[source,yml]
----
spring:
security:
oauth2:
client:
registration:
github:
client-id: replace-with-client-id
client-secret: replace-with-client-secret
scope: read:user,public_repo
----
You will need to replace the `client-id` and `client-secret` with values registered with GitHub.
The next step is to instruct Spring Security that you wish to act as an OAuth2 Client so that you can obtain an access token.
.OAuth2 Client
====
.Java
[source,java,role="primary"]
----
@Bean
SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {
http
// ...
.oauth2Client(withDefaults());
return http.build();
}
----
.Kotlin
[source,kotlin,role="secondary"]
----
@Bean
fun webFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
return http {
// ...
oauth2Client { }
}
}
----
====
You can now leverage Spring Security's xref:reactive/integrations/webclient.adoc[webclient] or xref:reactive/registered-oauth2-authorized-client.adoc#webflux-roac[@RegisteredOAuth2AuthorizedClient] support to obtain and use the access token.

View File

@ -4,5 +4,5 @@
Spring Security provides OAuth2 and WebFlux integration for reactive applications. Spring Security provides OAuth2 and WebFlux integration for reactive applications.
* xref:reactive/oauth2/login.adoc[OAuth 2.0 Login] - Authenticating with OAuth 2.0 * xref:reactive/oauth2/login.adoc[OAuth 2.0 Login] - Authenticating with OAuth 2.0
* xref:reactive/oauth2/access-token.adoc[OAuth2 Client] - Making requests to an OAuth2 Resource Server as an OAuth2 Client * xref:reactive/oauth2/oauth2-client.adoc[OAuth2 Client] - Making requests to an OAuth2 Resource Server as an OAuth2 Client
* xref:reactive/oauth2/resource-server.adoc[OAuth 2.0 Resource Server] - protecting a REST endpoint using OAuth 2.0 * xref:reactive/oauth2/resource-server.adoc[OAuth 2.0 Resource Server] - protecting a REST endpoint using OAuth 2.0

File diff suppressed because it is too large Load Diff

View File

@ -8,7 +8,7 @@ Spring Security allows resolving an access token using `@RegisteredOAuth2Authori
A working example can be found in {gh-samples-url}/reactive/webflux/java/oauth2/webclient[*OAuth 2.0 WebClient WebFlux sample*]. A working example can be found in {gh-samples-url}/reactive/webflux/java/oauth2/webclient[*OAuth 2.0 WebClient WebFlux sample*].
==== ====
After configuring Spring Security for xref:reactive/oauth2/login.adoc#webflux-oauth2-login[OAuth2 Login] or as an xref:reactive/oauth2/access-token.adoc#webflux-oauth2-client[OAuth2 Client], an `OAuth2AuthorizedClient` can be resolved using the following: After configuring Spring Security for xref:reactive/oauth2/login.adoc#webflux-oauth2-login[OAuth2 Login] or as an xref:reactive/oauth2/oauth2-client.adoc#webflux-oauth2-client[OAuth2 Client], an `OAuth2AuthorizedClient` can be resolved using the following:
==== ====
.Java .Java

View File

@ -48,3 +48,4 @@ Below are the highlights of the release.
** Added https://github.com/spring-projects/spring-security/pull/10269[custom response parsing] for Access Token Requests ** Added https://github.com/spring-projects/spring-security/pull/10269[custom response parsing] for Access Token Requests
** Added https://github.com/spring-projects/spring-security/pull/10327[jwt-bearer Grant Type support] for Access Token Requests ** Added https://github.com/spring-projects/spring-security/pull/10327[jwt-bearer Grant Type support] for Access Token Requests
** Added https://github.com/spring-projects/spring-security/pull/10336[JWT Client Authentication support] for Access Token Requests ** Added https://github.com/spring-projects/spring-security/pull/10336[JWT Client Authentication support] for Access Token Requests
** Improved https://github.com/spring-projects/spring-security/pull/10373[Reactive OAuth 2.0 Client Documentation]