From 8c0d2cccf1d99428bcb409ec2fbe70a692703070 Mon Sep 17 00:00:00 2001 From: Joe Grandja <10884212+jgrandja@users.noreply.github.com> Date: Mon, 9 Mar 2026 16:45:30 -0400 Subject: [PATCH] Initialize RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler when jose is on classpath Issue gh-17246 --- ...OAuth2AuthorizedClientProviderBuilder.java | 2 +- ...eactiveOAuth2AuthorizedClientProvider.java | 19 ++++++++++++++++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java index 3e6d88be93..ee25f44c8d 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java @@ -278,7 +278,7 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder { /** * Sets a {@link ReactiveOAuth2AuthorizationSuccessHandler} to use for handling - * successful refresh token response, defaults to + * successful refresh token response, see * {@link RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler}. * @param authorizationSuccessHandler the * {@link ReactiveOAuth2AuthorizationSuccessHandler} to use diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java index 4f9f86f85e..a711b29559 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenReactiveOAuth2AuthorizedClientProvider.java @@ -36,6 +36,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.security.oauth2.core.OAuth2Token; import org.springframework.util.Assert; +import org.springframework.util.ClassUtils; /** * An implementation of a {@link ReactiveOAuth2AuthorizedClientProvider} for the @@ -50,14 +51,25 @@ import org.springframework.util.Assert; public final class RefreshTokenReactiveOAuth2AuthorizedClientProvider implements ReactiveOAuth2AuthorizedClientProvider { + private static final boolean josePresent = ClassUtils.isPresent( + "org.springframework.security.oauth2.jwt.ReactiveJwtDecoder", + RefreshTokenReactiveOAuth2AuthorizedClientProvider.class.getClassLoader()); + private ReactiveOAuth2AccessTokenResponseClient accessTokenResponseClient = new WebClientReactiveRefreshTokenTokenResponseClient(); - private ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler = new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler(); + private ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler = (authorizedClient, principal, + attributes) -> Mono.empty(); private Duration clockSkew = Duration.ofSeconds(60); private Clock clock = Clock.systemUTC(); + public RefreshTokenReactiveOAuth2AuthorizedClientProvider() { + if (josePresent) { + this.authorizationSuccessHandler = new RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler(); + } + } + /** * Attempt to re-authorize the * {@link OAuth2AuthorizationContext#getClientRegistration() client} in the provided @@ -128,8 +140,9 @@ public final class RefreshTokenReactiveOAuth2AuthorizedClientProvider /** * Sets a {@link ReactiveOAuth2AuthorizationSuccessHandler} to use for handling - * successful refresh token response, defaults to - * {@link RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler}. + * successful refresh token response. Defaults to + * {@link RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler}, when + * {@code spring-security-oauth2-jose} is available on the classpath. * @param authorizationSuccessHandler the * {@link ReactiveOAuth2AuthorizationSuccessHandler} to use * @since 7.1