Rename @OAuth2Client to @RegisteredOAuth2AuthorizedClient

Fixes gh-5360

config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java

@@ -21,8 +21,7 @@ import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.ImportSelector;
 import org.springframework.core.type.AnnotationMetadata;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver;
-import org.springframework.security.oauth2.client.web.method.annotation.OAuth2ClientArgumentResolver;
 import org.springframework.util.ClassUtils;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -58,18 +57,15 @@ final class OAuth2ClientConfiguration {
 
 	@Configuration
 	static class OAuth2ClientWebMvcSecurityConfiguration implements WebMvcConfigurer {
-		@Autowired(required = false)
-		private ClientRegistrationRepository clientRegistrationRepository;
-
 		@Autowired(required = false)
 		private OAuth2AuthorizedClientService authorizedClientService;
 
 		@Override
 		public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
-			if (this.clientRegistrationRepository != null && this.authorizedClientService != null) {
+			if (this.authorizedClientService != null) {
-				OAuth2ClientArgumentResolver oauth2ClientArgumentResolver = new OAuth2ClientArgumentResolver(
+				OAuth2AuthorizedClientArgumentResolver authorizedClientArgumentResolver =
-					this.clientRegistrationRepository, this.authorizedClientService);
+						new OAuth2AuthorizedClientArgumentResolver(this.authorizedClientService);
-				argumentResolvers.add(oauth2ClientArgumentResolver);
+				argumentResolvers.add(authorizedClientArgumentResolver);
 			}
 		}
 	}

config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java

@@ -16,19 +16,18 @@
 
 package org.springframework.security.config.annotation.web.reactive;
 
-import java.util.List;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.ImportSelector;
 import org.springframework.core.type.AnnotationMetadata;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver;
-import org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2ClientArgumentResolver;
 import org.springframework.util.ClassUtils;
 import org.springframework.web.reactive.config.WebFluxConfigurer;
 import org.springframework.web.reactive.result.method.annotation.ArgumentResolverConfigurer;
 
+import java.util.List;
+
 /**
  * {@link Configuration} for OAuth 2.0 Client support.
  *
@@ -52,21 +51,12 @@ final class ReactiveOAuth2ClientImportSelector implements ImportSelector {
 
 	@Configuration
 	static class OAuth2ClientWebFluxSecurityConfiguration implements WebFluxConfigurer {
-		private ReactiveClientRegistrationRepository clientRegistrationRepository;
-
 		private ReactiveOAuth2AuthorizedClientService authorizedClientService;
 
 		@Override
 		public void configureArgumentResolvers(ArgumentResolverConfigurer configurer) {
-			if (this.clientRegistrationRepository != null && this.authorizedClientService != null) {
+			if (this.authorizedClientService != null) {
-				configurer.addCustomResolver(new OAuth2ClientArgumentResolver(this.clientRegistrationRepository, this.authorizedClientService));
+				configurer.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(this.authorizedClientService));
-			}
-		}
-
-		@Autowired(required = false)
-		public void setClientRegistrationRepository(List<ReactiveClientRegistrationRepository> clientRegistrationRepository) {
-			if (clientRegistrationRepository.size() == 1) {
-				this.clientRegistrationRepository = clientRegistrationRepository.get(0);
 			}
 		}
 

config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java

@@ -23,11 +23,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.annotation.OAuth2Client;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -54,24 +50,10 @@ public class OAuth2ClientConfigurationTests {
 	private MockMvc mockMvc;
 
 	@Test
-	public void requestWhenAuthorizedClientFoundThenOAuth2ClientArgumentsResolved() throws Exception {
+	public void requestWhenAuthorizedClientFoundThenMethodArgumentResolved() throws Exception {
 		String clientRegistrationId = "client1";
 		String principalName = "user1";
 
-		ClientRegistrationRepository clientRegistrationRepository = mock(ClientRegistrationRepository.class);
-		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(clientRegistrationId)
-				.clientId("client-id")
-				.clientSecret("secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate("{baseUrl}/client1")
-				.scope("scope1", "scope2")
-				.authorizationUri("https://provider.com/oauth2/auth")
-				.tokenUri("https://provider.com/oauth2/token")
-				.clientName("Client 1")
-				.build();
-		when(clientRegistrationRepository.findByRegistrationId(clientRegistrationId)).thenReturn(clientRegistration);
-
 		OAuth2AuthorizedClientService authorizedClientService = mock(OAuth2AuthorizedClientService.class);
 		OAuth2AuthorizedClient authorizedClient = mock(OAuth2AuthorizedClient.class);
 		when(authorizedClientService.loadAuthorizedClient(clientRegistrationId, principalName)).thenReturn(authorizedClient);
@@ -79,25 +61,17 @@ public class OAuth2ClientConfigurationTests {
 		OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class);
 		when(authorizedClient.getAccessToken()).thenReturn(accessToken);
 
-		OAuth2ClientArgumentResolverConfig.CLIENT_REGISTRATION_REPOSITORY = clientRegistrationRepository;
+		OAuth2AuthorizedClientArgumentResolverConfig.AUTHORIZED_CLIENT_SERVICE = authorizedClientService;
-		OAuth2ClientArgumentResolverConfig.AUTHORIZED_CLIENT_SERVICE = authorizedClientService;
+		this.spring.register(OAuth2AuthorizedClientArgumentResolverConfig.class).autowire();
-		this.spring.register(OAuth2ClientArgumentResolverConfig.class).autowire();
 
-		this.mockMvc.perform(get("/access-token").with(user(principalName)))
-			.andExpect(status().isOk())
-			.andExpect(content().string("resolved"));
 		this.mockMvc.perform(get("/authorized-client").with(user(principalName)))
 			.andExpect(status().isOk())
 			.andExpect(content().string("resolved"));
-		this.mockMvc.perform(get("/client-registration").with(user(principalName)))
-			.andExpect(status().isOk())
-			.andExpect(content().string("resolved"));
 	}
 
 	@EnableWebMvc
 	@EnableWebSecurity
-	static class OAuth2ClientArgumentResolverConfig extends WebSecurityConfigurerAdapter {
+	static class OAuth2AuthorizedClientArgumentResolverConfig extends WebSecurityConfigurerAdapter {
-		static ClientRegistrationRepository CLIENT_REGISTRATION_REPOSITORY;
 		static OAuth2AuthorizedClientService AUTHORIZED_CLIENT_SERVICE;
 
 		@Override
@@ -107,25 +81,10 @@ public class OAuth2ClientConfigurationTests {
 		@RestController
 		public class Controller {
 
-			@GetMapping("/access-token")
-			public String accessToken(@OAuth2Client("client1") OAuth2AccessToken accessToken) {
-				return accessToken != null ? "resolved" : "not-resolved";
-			}
-
 			@GetMapping("/authorized-client")
-			public String authorizedClient(@OAuth2Client("client1") OAuth2AuthorizedClient authorizedClient) {
+			public String authorizedClient(@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
 				return authorizedClient != null ? "resolved" : "not-resolved";
 			}
-
-			@GetMapping("/client-registration")
-			public String clientRegistration(@OAuth2Client("client1") ClientRegistration clientRegistration) {
-				return clientRegistration != null ? "resolved" : "not-resolved";
-			}
-		}
-
-		@Bean
-		public ClientRegistrationRepository clientRegistrationRepository() {
-			return CLIENT_REGISTRATION_REPOSITORY;
 		}
 
 		@Bean

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java

@@ -30,7 +30,7 @@ import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.annotation.OAuth2Client;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -205,7 +205,7 @@ public class OAuth2ClientConfigurerTests {
 		@RestController
 		public class ResourceController {
 			@GetMapping("/resource1")
-			public String resource1(@OAuth2Client("registration-1") OAuth2AuthorizedClient authorizedClient) {
+			public String resource1(@RegisteredOAuth2AuthorizedClient("registration-1") OAuth2AuthorizedClient authorizedClient) {
 				return "resource1";
 			}
 		}

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/annotation/RegisteredOAuth2AuthorizedClient.java

@@ -17,9 +17,7 @@ package org.springframework.security.oauth2.client.annotation;
 
 import org.springframework.core.annotation.AliasFor;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver;
-import org.springframework.security.oauth2.client.web.method.annotation.OAuth2ClientArgumentResolver;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
 
 import java.lang.annotation.Documented;
 import java.lang.annotation.ElementType;
@@ -28,40 +26,29 @@ import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
 /**
- * This annotation may be used to resolve a method parameter into an argument value
+ * This annotation may be used to resolve a method parameter
- * for the following types: {@link ClientRegistration}, {@link OAuth2AuthorizedClient}
+ * to an argument value of type {@link OAuth2AuthorizedClient}.
- * and {@link OAuth2AccessToken}.
  *
  * <p>
  * For example:
  * <pre>
  * &#64;Controller
  * public class MyController {
- *     &#64;GetMapping("/client-registration")
- *     public String clientRegistration(@OAuth2Client("login-client") ClientRegistration clientRegistration) {
- *         // do something with clientRegistration
- *     }
- *
  *     &#64;GetMapping("/authorized-client")
- *     public String authorizedClient(@OAuth2Client("login-client") OAuth2AuthorizedClient authorizedClient) {
+ *     public String authorizedClient(@RegisteredOAuth2AuthorizedClient("login-client") OAuth2AuthorizedClient authorizedClient) {
  *         // do something with authorizedClient
  *     }
- *
- *     &#64;GetMapping("/access-token")
- *     public String accessToken(@OAuth2Client("login-client") OAuth2AccessToken accessToken) {
- *         // do something with accessToken
- *     }
  * }
  * </pre>
  *
  * @author Joe Grandja
  * @since 5.1
- * @see OAuth2ClientArgumentResolver
+ * @see OAuth2AuthorizedClientArgumentResolver
  */
 @Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE })
 @Retention(RetentionPolicy.RUNTIME)
 @Documented
-public @interface OAuth2Client {
+public @interface RegisteredOAuth2AuthorizedClient {
 
 	/**
 	 * Sets the client registration identifier.
@@ -74,8 +61,8 @@ public @interface OAuth2Client {
 	/**
 	 * The default attribute for this annotation.
 	 * This is an alias for {@link #registrationId()}.
-	 * For example, {@code @OAuth2Client("login-client")} is equivalent to
+	 * For example, {@code @RegisteredOAuth2AuthorizedClient("login-client")} is equivalent to
-	 * {@code @OAuth2Client(registrationId="login-client")}.
+	 * {@code @RegisteredOAuth2AuthorizedClient(registrationId="login-client")}.
 	 *
 	 * @return the client registration identifier
 	 */

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.java

@@ -24,11 +24,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.annotation.OAuth2Client;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.support.WebDataBinderFactory;
@@ -38,60 +35,43 @@ import org.springframework.web.method.support.ModelAndViewContainer;
 
 /**
  * An implementation of a {@link HandlerMethodArgumentResolver} that is capable
- * of resolving a method parameter into an argument value for the following types:
+ * of resolving a method parameter to an argument value of type {@link OAuth2AuthorizedClient}.
- * {@link ClientRegistration}, {@link OAuth2AuthorizedClient} and {@link OAuth2AccessToken}.
  *
  * <p>
  * For example:
  * <pre>
  * &#64;Controller
  * public class MyController {
- *     &#64;GetMapping("/client-registration")
- *     public String clientRegistration(@OAuth2Client("login-client") ClientRegistration clientRegistration) {
- *         // do something with clientRegistration
- *     }
- *
  *     &#64;GetMapping("/authorized-client")
- *     public String authorizedClient(@OAuth2Client("login-client") OAuth2AuthorizedClient authorizedClient) {
+ *     public String authorizedClient(@RegisteredOAuth2AuthorizedClient("login-client") OAuth2AuthorizedClient authorizedClient) {
  *         // do something with authorizedClient
  *     }
- *
- *     &#64;GetMapping("/access-token")
- *     public String accessToken(@OAuth2Client("login-client") OAuth2AccessToken accessToken) {
- *         // do something with accessToken
- *     }
  * }
  * </pre>
  *
  * @author Joe Grandja
  * @since 5.1
- * @see OAuth2Client
+ * @see RegisteredOAuth2AuthorizedClient
  */
-public final class OAuth2ClientArgumentResolver implements HandlerMethodArgumentResolver {
+public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMethodArgumentResolver {
-	private final ClientRegistrationRepository clientRegistrationRepository;
 	private final OAuth2AuthorizedClientService authorizedClientService;
 
 	/**
-	 * Constructs an {@code OAuth2ClientArgumentResolver} using the provided parameters.
+	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided parameters.
 	 *
-	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientService the authorized client service
 	 */
-	public OAuth2ClientArgumentResolver(ClientRegistrationRepository clientRegistrationRepository,
+	public OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientService authorizedClientService) {
-										OAuth2AuthorizedClientService authorizedClientService) {
-		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.notNull(authorizedClientService, "authorizedClientService cannot be null");
-		this.clientRegistrationRepository = clientRegistrationRepository;
 		this.authorizedClientService = authorizedClientService;
 	}
 
 	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		Class<?> parameterType = parameter.getParameterType();
-		return ((OAuth2AccessToken.class.isAssignableFrom(parameterType) ||
+		return (OAuth2AuthorizedClient.class.isAssignableFrom(parameterType) &&
-				OAuth2AuthorizedClient.class.isAssignableFrom(parameterType) ||
+				(AnnotatedElementUtils.findMergedAnnotation(
-				ClientRegistration.class.isAssignableFrom(parameterType)) &&
+						parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null));
-				(AnnotatedElementUtils.findMergedAnnotation(parameter.getParameter(), OAuth2Client.class) != null));
 	}
 
 	@NonNull
@@ -101,30 +81,21 @@ public final class OAuth2ClientArgumentResolver implements HandlerMethodArgument
 									NativeWebRequest webRequest,
 									@Nullable WebDataBinderFactory binderFactory) throws Exception {
 
-		OAuth2Client oauth2ClientAnnotation = AnnotatedElementUtils.findMergedAnnotation(
+		RegisteredOAuth2AuthorizedClient authorizedClientAnnotation = AnnotatedElementUtils.findMergedAnnotation(
-				parameter.getParameter(), OAuth2Client.class);
+				parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class);
 		Authentication principal = SecurityContextHolder.getContext().getAuthentication();
 
 		String clientRegistrationId = null;
-		if (!StringUtils.isEmpty(oauth2ClientAnnotation.registrationId())) {
+		if (!StringUtils.isEmpty(authorizedClientAnnotation.registrationId())) {
-			clientRegistrationId = oauth2ClientAnnotation.registrationId();
+			clientRegistrationId = authorizedClientAnnotation.registrationId();
-		} else if (!StringUtils.isEmpty(oauth2ClientAnnotation.value())) {
+		} else if (!StringUtils.isEmpty(authorizedClientAnnotation.value())) {
-			clientRegistrationId = oauth2ClientAnnotation.value();
+			clientRegistrationId = authorizedClientAnnotation.value();
 		} else if (principal != null && OAuth2AuthenticationToken.class.isAssignableFrom(principal.getClass())) {
 			clientRegistrationId = ((OAuth2AuthenticationToken) principal).getAuthorizedClientRegistrationId();
 		}
 		if (StringUtils.isEmpty(clientRegistrationId)) {
 			throw new IllegalArgumentException("Unable to resolve the Client Registration Identifier. " +
-					"It must be provided via @OAuth2Client(\"client1\") or @OAuth2Client(registrationId = \"client1\").");
+					"It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
-		}
-
-		if (ClientRegistration.class.isAssignableFrom(parameter.getParameterType())) {
-			ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId);
-			if (clientRegistration == null) {
-				throw new IllegalArgumentException("Unable to find ClientRegistration with registration identifier \"" +
-						clientRegistrationId + "\".");
-			}
-			return clientRegistration;
 		}
 
 		if (principal == null) {
@@ -140,7 +111,6 @@ public final class OAuth2ClientArgumentResolver implements HandlerMethodArgument
 			throw new ClientAuthorizationRequiredException(clientRegistrationId);
 		}
 
-		return OAuth2AccessToken.class.isAssignableFrom(parameter.getParameterType()) ?
+		return authorizedClient;
-			authorizedClient.getAccessToken() : authorizedClient;
 	}
 }

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.java

@@ -24,92 +24,65 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.annotation.OAuth2Client;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.springframework.web.reactive.BindingContext;
 import org.springframework.web.reactive.result.method.HandlerMethodArgumentResolver;
 import org.springframework.web.server.ServerWebExchange;
-
 import reactor.core.publisher.Mono;
 
 /**
  * An implementation of a {@link HandlerMethodArgumentResolver} that is capable
- * of resolving a method parameter into an argument value for the following types:
+ * of resolving a method parameter to an argument value of type {@link OAuth2AuthorizedClient}.
- * {@link ClientRegistration}, {@link OAuth2AuthorizedClient} and {@link OAuth2AccessToken}.
  *
  * <p>
  * For example:
  * <pre>
  * &#64;Controller
  * public class MyController {
- *     &#64;GetMapping("/client-registration")
- *     public Mono<String></String> clientRegistration(@OAuth2Client("login-client") ClientRegistration clientRegistration) {
- *         // do something with clientRegistration
- *     }
- *
  *     &#64;GetMapping("/authorized-client")
- *     public Mono<String></String> authorizedClient(@OAuth2Client("login-client") OAuth2AuthorizedClient authorizedClient) {
+ *     public Mono&lt;String&gt; authorizedClient(@RegisteredOAuth2AuthorizedClient("login-client") OAuth2AuthorizedClient authorizedClient) {
  *         // do something with authorizedClient
  *     }
- *
- *     &#64;GetMapping("/access-token")
- *     public Mono<String> accessToken(@OAuth2Client("login-client") OAuth2AccessToken accessToken) {
- *         // do something with accessToken
- *     }
  * }
  * </pre>
  *
  * @author Rob Winch
  * @since 5.1
- * @see OAuth2Client
+ * @see RegisteredOAuth2AuthorizedClient
  */
-public final class OAuth2ClientArgumentResolver implements HandlerMethodArgumentResolver {
+public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMethodArgumentResolver {
-	private final ReactiveClientRegistrationRepository clientRegistrationRepository;
 	private final ReactiveOAuth2AuthorizedClientService authorizedClientService;
 
 	/**
-	 * Constructs an {@code OAuth2ClientArgumentResolver} using the provided parameters.
+	 * Constructs an {@code OAuth2AuthorizedClientArgumentResolver} using the provided parameters.
 	 *
-	 * @param clientRegistrationRepository the repository of client registrations
 	 * @param authorizedClientService the authorized client service
 	 */
-	public OAuth2ClientArgumentResolver(ReactiveClientRegistrationRepository clientRegistrationRepository,
+	public OAuth2AuthorizedClientArgumentResolver(ReactiveOAuth2AuthorizedClientService authorizedClientService) {
-			ReactiveOAuth2AuthorizedClientService authorizedClientService) {
-		Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
 		Assert.notNull(authorizedClientService, "authorizedClientService cannot be null");
-		this.clientRegistrationRepository = clientRegistrationRepository;
 		this.authorizedClientService = authorizedClientService;
 	}
 
 	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
-		return AnnotatedElementUtils.findMergedAnnotation(parameter.getParameter(), OAuth2Client.class) != null;
+		return AnnotatedElementUtils.findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null;
 	}
 
 	@Override
 	public Mono<Object> resolveArgument(
 			MethodParameter parameter, BindingContext bindingContext, ServerWebExchange exchange) {
 		return Mono.defer(() -> {
-			OAuth2Client oauth2ClientAnnotation = AnnotatedElementUtils
+			RegisteredOAuth2AuthorizedClient authorizedClientAnnotation = AnnotatedElementUtils
-					.findMergedAnnotation(parameter.getParameter(), OAuth2Client.class);
+					.findMergedAnnotation(parameter.getParameter(), RegisteredOAuth2AuthorizedClient.class);
 
-			Mono<String> clientRegistrationId = Mono.justOrEmpty(oauth2ClientAnnotation.registrationId())
+			Mono<String> clientRegistrationId = Mono.justOrEmpty(authorizedClientAnnotation.registrationId())
 					.filter(id -> !StringUtils.isEmpty(id))
 					.switchIfEmpty(clientRegistrationId())
 					.switchIfEmpty(Mono.defer(() -> Mono.error(new IllegalArgumentException(
-							"Unable to resolve the Client Registration Identifier. It must be provided via @OAuth2Client(\"client1\") or @OAuth2Client(registrationId = \"client1\")."))));
+							"Unable to resolve the Client Registration Identifier. It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\")."))));
-
-			if (ClientRegistration.class.isAssignableFrom(parameter.getParameterType())) {
-				return clientRegistrationId.flatMap(id -> this.clientRegistrationRepository.findByRegistrationId(id)
-						.switchIfEmpty(Mono.defer(() -> Mono.error(new IllegalArgumentException(
-								"Unable to find ClientRegistration with registration identifier \""
-										+ id + "\"."))))).cast(Object.class);
-			}
 
 			Mono<String> principalName = ReactiveSecurityContextHolder.getContext()
 					.map(SecurityContext::getAuthentication).map(Authentication::getName);
@@ -129,10 +102,6 @@ public final class OAuth2ClientArgumentResolver implements HandlerMethodArgument
 												registrationId))));
 					}).cast(OAuth2AuthorizedClient.class);
 
-			if (OAuth2AccessToken.class.isAssignableFrom(parameter.getParameterType())) {
-				return authorizedClient.map(OAuth2AuthorizedClient::getAccessToken);
-			}
-
 			return authorizedClient.cast(Object.class);
 		});
 	}

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java

@@ -24,13 +24,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.annotation.OAuth2Client;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.util.ReflectionUtils;
 
 import java.lang.reflect.Method;
@@ -43,69 +38,32 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
 /**
- * Tests for {@link OAuth2ClientArgumentResolver}.
+ * Tests for {@link OAuth2AuthorizedClientArgumentResolver}.
  *
  * @author Joe Grandja
  */
-public class OAuth2ClientArgumentResolverTests {
+public class OAuth2AuthorizedClientArgumentResolverTests {
-	private ClientRegistrationRepository clientRegistrationRepository;
 	private OAuth2AuthorizedClientService authorizedClientService;
-	private OAuth2ClientArgumentResolver argumentResolver;
+	private OAuth2AuthorizedClientArgumentResolver argumentResolver;
-	private ClientRegistration clientRegistration;
 	private OAuth2AuthorizedClient authorizedClient;
-	private OAuth2AccessToken accessToken;
 
 	@Before
 	public void setUp() {
-		this.clientRegistrationRepository = mock(ClientRegistrationRepository.class);
 		this.authorizedClientService = mock(OAuth2AuthorizedClientService.class);
-		this.argumentResolver = new OAuth2ClientArgumentResolver(
+		this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(this.authorizedClientService);
-			this.clientRegistrationRepository, this.authorizedClientService);
-		this.clientRegistration = ClientRegistration.withRegistrationId("client1")
-				.clientId("client-id")
-				.clientSecret("secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate("{baseUrl}/client1")
-				.scope("scope1", "scope2")
-				.authorizationUri("https://provider.com/oauth2/auth")
-				.tokenUri("https://provider.com/oauth2/token")
-				.clientName("Client 1")
-				.build();
-		when(this.clientRegistrationRepository.findByRegistrationId(anyString())).thenReturn(this.clientRegistration);
 		this.authorizedClient = mock(OAuth2AuthorizedClient.class);
 		when(this.authorizedClientService.loadAuthorizedClient(anyString(), any())).thenReturn(this.authorizedClient);
-		this.accessToken = mock(OAuth2AccessToken.class);
-		when(this.authorizedClient.getAccessToken()).thenReturn(this.accessToken);
 		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 		securityContext.setAuthentication(mock(Authentication.class));
 		SecurityContextHolder.setContext(securityContext);
 	}
 
-	@Test
-	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2ClientArgumentResolver(null, this.authorizedClientService))
-				.isInstanceOf(IllegalArgumentException.class);
-	}
-
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2ClientArgumentResolver(this.clientRegistrationRepository, null))
+		assertThatThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
-	@Test
-	public void supportsParameterWhenParameterTypeOAuth2AccessTokenThenTrue() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
-		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isTrue();
-	}
-
-	@Test
-	public void supportsParameterWhenParameterTypeOAuth2AccessTokenWithoutAnnotationThenFalse() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessTokenWithoutAnnotation", OAuth2AccessToken.class);
-		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
-	}
-
 	@Test
 	public void supportsParameterWhenParameterTypeOAuth2AuthorizedClientThenTrue() {
 		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);
@@ -118,18 +76,6 @@ public class OAuth2ClientArgumentResolverTests {
 		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
 	}
 
-	@Test
-	public void supportsParameterWhenParameterTypeClientRegistrationThenTrue() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
-		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isTrue();
-	}
-
-	@Test
-	public void supportsParameterWhenParameterTypeClientRegistrationWithoutAnnotationThenFalse() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistrationWithoutAnnotation", ClientRegistration.class);
-		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
-	}
-
 	@Test
 	public void supportsParameterWhenParameterTypeUnsupportedThenFalse() {
 		MethodParameter methodParameter = this.getMethodParameter("paramTypeUnsupported", String.class);
@@ -144,10 +90,10 @@ public class OAuth2ClientArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWhenRegistrationIdEmptyAndNotOAuth2AuthenticationThenThrowIllegalArgumentException() throws Exception {
-		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AccessToken.class);
+		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
 		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, null, null))
 				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("Unable to resolve the Client Registration Identifier. It must be provided via @OAuth2Client(\"client1\") or @OAuth2Client(registrationId = \"client1\").");
+				.hasMessage("Unable to resolve the Client Registration Identifier. It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
 	}
 
 	@Test
@@ -157,25 +103,10 @@ public class OAuth2ClientArgumentResolverTests {
 		SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
 		securityContext.setAuthentication(authentication);
 		SecurityContextHolder.setContext(securityContext);
-		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AccessToken.class);
+		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
 		this.argumentResolver.resolveArgument(methodParameter, null, null, null);
 	}
 
-	@Test
-	public void resolveArgumentWhenClientRegistrationFoundThenResolves() throws Exception {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
-		assertThat(this.argumentResolver.resolveArgument(methodParameter, null, null, null)).isSameAs(this.clientRegistration);
-	}
-
-	@Test
-	public void resolveArgumentWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() throws Exception {
-		when(this.clientRegistrationRepository.findByRegistrationId(anyString())).thenReturn(null);
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
-		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, null, null))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("Unable to find ClientRegistration with registration identifier \"client1\".");
-	}
-
 	@Test
 	public void resolveArgumentWhenParameterTypeOAuth2AuthorizedClientAndCurrentAuthenticationNullThenThrowIllegalStateException() throws Exception {
 		SecurityContextHolder.clearContext();
@@ -201,60 +132,25 @@ public class OAuth2ClientArgumentResolverTests {
 				.isInstanceOf(ClientAuthorizationRequiredException.class);
 	}
 
-	@Test
-	public void resolveArgumentWhenOAuth2AccessTokenAndOAuth2AuthorizedClientFoundThenResolves() throws Exception {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
-		assertThat(this.argumentResolver.resolveArgument(methodParameter, null, null, null)).isSameAs(this.authorizedClient.getAccessToken());
-	}
-
-	@Test
-	public void resolveArgumentWhenOAuth2AccessTokenAndOAuth2AuthorizedClientNotFoundThenThrowClientAuthorizationRequiredException() throws Exception {
-		when(this.authorizedClientService.loadAuthorizedClient(anyString(), any())).thenReturn(null);
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
-		assertThatThrownBy(() -> this.argumentResolver.resolveArgument(methodParameter, null, null, null))
-				.isInstanceOf(ClientAuthorizationRequiredException.class);
-	}
-
-	@Test
-	public void resolveArgumentWhenOAuth2AccessTokenAndAnnotationRegistrationIdSetThenResolves() throws Exception {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessTokenAnnotationRegistrationId", OAuth2AccessToken.class);
-		assertThat(this.argumentResolver.resolveArgument(methodParameter, null, null, null)).isSameAs(this.authorizedClient.getAccessToken());
-	}
-
 	private MethodParameter getMethodParameter(String methodName, Class<?>... paramTypes) {
 		Method method = ReflectionUtils.findMethod(TestController.class, methodName, paramTypes);
 		return new MethodParameter(method, 0);
 	}
 
 	static class TestController {
-		void paramTypeAccessToken(@OAuth2Client("client1") OAuth2AccessToken accessToken) {
+		void paramTypeAuthorizedClient(@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
-		}
-
-		void paramTypeAccessTokenWithoutAnnotation(OAuth2AccessToken accessToken) {
-		}
-
-		void paramTypeAuthorizedClient(@OAuth2Client("client1") OAuth2AuthorizedClient authorizedClient) {
 		}
 
 		void paramTypeAuthorizedClientWithoutAnnotation(OAuth2AuthorizedClient authorizedClient) {
 		}
 
-		void paramTypeClientRegistration(@OAuth2Client("client1") ClientRegistration clientRegistration) {
+		void paramTypeUnsupported(@RegisteredOAuth2AuthorizedClient("client1") String param) {
-		}
-
-		void paramTypeClientRegistrationWithoutAnnotation(ClientRegistration clientRegistration) {
-		}
-
-		void paramTypeUnsupported(@OAuth2Client("client1") String param) {
 		}
 
 		void paramTypeUnsupportedWithoutAnnotation(String param) {
 		}
 
-		void registrationIdEmpty(@OAuth2Client OAuth2AccessToken accessToken) {
+		void registrationIdEmpty(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
-		}
-
-		void paramTypeAccessTokenAnnotationRegistrationId(@OAuth2Client(registrationId = "client1") OAuth2AccessToken accessToken) {
 		}
 	}
 }

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java

@@ -16,15 +16,6 @@
 
 package org.springframework.security.oauth2.client.web.reactive.result.method.annotation;
 
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
-import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import java.lang.reflect.Method;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -37,83 +28,49 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.annotation.OAuth2Client;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.util.ReflectionUtils;
-
 import reactor.core.publisher.Hooks;
 import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
 
+import java.lang.reflect.Method;
+
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 /**
  * @author Rob Winch
  * @since 5.1
  */
 @RunWith(MockitoJUnitRunner.class)
-public class OAuth2ClientArgumentResolverTests {
+public class OAuth2AuthorizedClientArgumentResolverTests {
-	@Mock
-	private ReactiveClientRegistrationRepository clientRegistrationRepository;
 	@Mock
 	private ReactiveOAuth2AuthorizedClientService authorizedClientService;
-	private OAuth2ClientArgumentResolver argumentResolver;
+	private OAuth2AuthorizedClientArgumentResolver argumentResolver;
-	private ClientRegistration clientRegistration;
 	private OAuth2AuthorizedClient authorizedClient;
-	private OAuth2AccessToken accessToken;
 
 	private Authentication authentication = new TestingAuthenticationToken("test", "this");
 
 	@Before
 	public void setUp() {
-		this.argumentResolver = new OAuth2ClientArgumentResolver(
+		this.argumentResolver = new OAuth2AuthorizedClientArgumentResolver(this.authorizedClientService);
-				this.clientRegistrationRepository, this.authorizedClientService);
-		this.clientRegistration = ClientRegistration.withRegistrationId("client1")
-				.clientId("client-id")
-				.clientSecret("secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate("{baseUrl}/client1")
-				.scope("scope1", "scope2")
-				.authorizationUri("https://provider.com/oauth2/auth")
-				.tokenUri("https://provider.com/oauth2/token")
-				.clientName("Client 1")
-				.build();
-		when(this.clientRegistrationRepository.findByRegistrationId(anyString())).thenReturn(Mono.just(this.clientRegistration));
 		this.authorizedClient = mock(OAuth2AuthorizedClient.class);
 		when(this.authorizedClientService.loadAuthorizedClient(anyString(), any())).thenReturn(Mono.just(this.authorizedClient));
-		this.accessToken = mock(OAuth2AccessToken.class);
-		when(this.authorizedClient.getAccessToken()).thenReturn(this.accessToken);
 		Hooks.onOperatorDebug();
 	}
 
-	@Test
-	public void constructorWhenClientRegistrationRepositoryIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2ClientArgumentResolver(null, this.authorizedClientService))
-				.isInstanceOf(IllegalArgumentException.class);
-	}
-
 	@Test
 	public void constructorWhenOAuth2AuthorizedClientServiceIsNullThenThrowIllegalArgumentException() {
-		assertThatThrownBy(() -> new OAuth2ClientArgumentResolver(this.clientRegistrationRepository, null))
+		assertThatThrownBy(() -> new OAuth2AuthorizedClientArgumentResolver(null))
 				.isInstanceOf(IllegalArgumentException.class);
 	}
 
-	@Test
-	public void supportsParameterWhenParameterTypeOAuth2AccessTokenThenTrue() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
-		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isTrue();
-	}
-
-	@Test
-	public void supportsParameterWhenParameterTypeOAuth2AccessTokenWithoutAnnotationThenFalse() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessTokenWithoutAnnotation", OAuth2AccessToken.class);
-		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
-	}
-
 	@Test
 	public void supportsParameterWhenParameterTypeOAuth2AuthorizedClientThenTrue() {
 		MethodParameter methodParameter = this.getMethodParameter("paramTypeAuthorizedClient", OAuth2AuthorizedClient.class);
@@ -126,18 +83,6 @@ public class OAuth2ClientArgumentResolverTests {
 		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
 	}
 
-	@Test
-	public void supportsParameterWhenParameterTypeClientRegistrationThenTrue() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
-		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isTrue();
-	}
-
-	@Test
-	public void supportsParameterWhenParameterTypeClientRegistrationWithoutAnnotationThenFalse() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistrationWithoutAnnotation", ClientRegistration.class);
-		assertThat(this.argumentResolver.supportsParameter(methodParameter)).isFalse();
-	}
-
 	@Test
 	public void supportsParameterWhenParameterTypeUnsupportedWithoutAnnotationThenFalse() {
 		MethodParameter methodParameter = this.getMethodParameter("paramTypeUnsupportedWithoutAnnotation", String.class);
@@ -146,10 +91,10 @@ public class OAuth2ClientArgumentResolverTests {
 
 	@Test
 	public void resolveArgumentWhenRegistrationIdEmptyAndNotOAuth2AuthenticationThenThrowIllegalArgumentException() {
-		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AccessToken.class);
+		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
 		assertThatThrownBy(() -> resolveArgument(methodParameter))
 				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("Unable to resolve the Client Registration Identifier. It must be provided via @OAuth2Client(\"client1\") or @OAuth2Client(registrationId = \"client1\").");
+				.hasMessage("Unable to resolve the Client Registration Identifier. It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
 	}
 
 	@Test
@@ -157,25 +102,10 @@ public class OAuth2ClientArgumentResolverTests {
 		this.authentication = mock(OAuth2AuthenticationToken.class);
 		when(this.authentication.getName()).thenReturn("client1");
 		when(((OAuth2AuthenticationToken) this.authentication).getAuthorizedClientRegistrationId()).thenReturn("client1");
-		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AccessToken.class);
+		MethodParameter methodParameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
 		resolveArgument(methodParameter);
 	}
 
-	@Test
-	public void resolveArgumentWhenClientRegistrationFoundThenResolves() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
-		assertThat(resolveArgument(methodParameter)).isSameAs(this.clientRegistration);
-	}
-
-	@Test
-	public void resolveArgumentWhenClientRegistrationNotFoundThenThrowIllegalArgumentException() {
-		when(this.clientRegistrationRepository.findByRegistrationId(anyString())).thenReturn(Mono.empty());
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeClientRegistration", ClientRegistration.class);
-		assertThatThrownBy(() -> resolveArgument(methodParameter))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("Unable to find ClientRegistration with registration identifier \"client1\".");
-	}
-
 	@Test
 	public void resolveArgumentWhenParameterTypeOAuth2AuthorizedClientAndCurrentAuthenticationNullThenThrowIllegalStateException() {
 		this.authentication = null;
@@ -201,26 +131,6 @@ public class OAuth2ClientArgumentResolverTests {
 				.isInstanceOf(ClientAuthorizationRequiredException.class);
 	}
 
-	@Test
-	public void resolveArgumentWhenOAuth2AccessTokenAndOAuth2AuthorizedClientFoundThenResolves() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
-		assertThat(resolveArgument(methodParameter)).isSameAs(this.authorizedClient.getAccessToken());
-	}
-
-	@Test
-	public void resolveArgumentWhenOAuth2AccessTokenAndOAuth2AuthorizedClientNotFoundThenThrowClientAuthorizationRequiredException() {
-		when(this.authorizedClientService.loadAuthorizedClient(anyString(), any())).thenReturn(Mono.empty());
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessToken", OAuth2AccessToken.class);
-		assertThatThrownBy(() -> resolveArgument(methodParameter))
-				.isInstanceOf(ClientAuthorizationRequiredException.class);
-	}
-
-	@Test
-	public void resolveArgumentWhenOAuth2AccessTokenAndAnnotationRegistrationIdSetThenResolves() {
-		MethodParameter methodParameter = this.getMethodParameter("paramTypeAccessTokenAnnotationRegistrationId", OAuth2AccessToken.class);
-		assertThat(resolveArgument(methodParameter)).isSameAs(this.authorizedClient.getAccessToken());
-	}
-
 	private Object resolveArgument(MethodParameter methodParameter) {
 		return this.argumentResolver.resolveArgument(methodParameter, null, null)
 				.subscriberContext(this.authentication == null ? Context.empty() : ReactiveSecurityContextHolder.withAuthentication(this.authentication))
@@ -234,34 +144,19 @@ public class OAuth2ClientArgumentResolverTests {
 	}
 
 	static class TestController {
-		void paramTypeAccessToken(@OAuth2Client("client1") OAuth2AccessToken accessToken) {
+		void paramTypeAuthorizedClient(@RegisteredOAuth2AuthorizedClient("client1") OAuth2AuthorizedClient authorizedClient) {
-		}
-
-		void paramTypeAccessTokenWithoutAnnotation(OAuth2AccessToken accessToken) {
-		}
-
-		void paramTypeAuthorizedClient(@OAuth2Client("client1") OAuth2AuthorizedClient authorizedClient) {
 		}
 
 		void paramTypeAuthorizedClientWithoutAnnotation(OAuth2AuthorizedClient authorizedClient) {
 		}
 
-		void paramTypeClientRegistration(@OAuth2Client("client1") ClientRegistration clientRegistration) {
+		void paramTypeUnsupported(@RegisteredOAuth2AuthorizedClient("client1") String param) {
-		}
-
-		void paramTypeClientRegistrationWithoutAnnotation(ClientRegistration clientRegistration) {
-		}
-
-		void paramTypeUnsupported(@OAuth2Client("client1") String param) {
 		}
 
 		void paramTypeUnsupportedWithoutAnnotation(String param) {
 		}
 
-		void registrationIdEmpty(@OAuth2Client OAuth2AccessToken accessToken) {
+		void registrationIdEmpty(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
-		}
-
-		void paramTypeAccessTokenAnnotationRegistrationId(@OAuth2Client(registrationId = "client1") OAuth2AccessToken accessToken) {
 		}
 	}
 }

samples/boot/authcodegrant/src/main/java/sample/web/GitHubReposController.java

@@ -16,7 +16,7 @@
 package sample.web;
 
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
-import org.springframework.security.oauth2.client.annotation.OAuth2Client;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -44,7 +44,7 @@ public class GitHubReposController {
 	}
 
 	@GetMapping("/repos")
-	public String gitHubRepos(Model model, @OAuth2Client("github") OAuth2AuthorizedClient authorizedClient) {
+	public String gitHubRepos(Model model, @RegisteredOAuth2AuthorizedClient("github") OAuth2AuthorizedClient authorizedClient) {
 		String endpointUri = "https://api.github.com/user/repos";
 		List repos = this.webClient
 			.get()

samples/boot/oauth2login-webflux/src/main/java/sample/web/OAuth2LoginController.java

@@ -18,7 +18,7 @@ package sample.web;
 
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
-import org.springframework.security.oauth2.client.annotation.OAuth2Client;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -32,7 +32,7 @@ public class OAuth2LoginController {
 
 	@GetMapping("/")
 	public String index(Model model,
-						@OAuth2Client OAuth2AuthorizedClient authorizedClient,
+						@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient,
 						@AuthenticationPrincipal OAuth2User oauth2User) {
 		model.addAttribute("userName", oauth2User.getName());
 		model.addAttribute("clientName", authorizedClient.getClientRegistration().getClientName());

samples/boot/oauth2login/src/main/java/sample/web/OAuth2LoginController.java

@@ -17,7 +17,7 @@ package sample.web;
 
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
-import org.springframework.security.oauth2.client.annotation.OAuth2Client;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -32,7 +32,7 @@ public class OAuth2LoginController {
 
 	@GetMapping("/")
 	public String index(Model model,
-						@OAuth2Client OAuth2AuthorizedClient authorizedClient,
+						@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient,
 						@AuthenticationPrincipal OAuth2User oauth2User) {
 		model.addAttribute("userName", oauth2User.getName());
 		model.addAttribute("clientName", authorizedClient.getClientRegistration().getClientName());