mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-30 00:32:14 +00:00
1f90df6a14
find -name "*.adoc" | xargs -I{file} awk -v file={file} '/\[\[/ { gsub("\[|\]", ""); id=$0; gsub("./docs/modules/ROOT/pages/", "", file); gsub("\[|\]", ""); id=$0;getline;text=$0; sub("^=+ ","", text); print file > "build/ids/"id".id"; print text > "build/ids/"id".text" }' {file}
find docs/modules -name "*.adoc"|while read adoc_file_to_replace; do
echo "Replacing $adoc_file_to_replace"
for id_file in build/ids/*.id; do
id=$(basename $id_file | sed 's/\.id$//')
xref_page=$(cat $id_file)
if [[ "$adoc_file_to_replace" -ef "./docs/modules/ROOT/pages/$xref_page" ]]
then
echo " - Skipping same page refid $id "
else
sed -i -E "s%<<$id(|,([^,>]+))>>%xref:${xref_page}#${id}[\2]%g" $adoc_file_to_replace
fi
done
done
64 lines
2.0 KiB
Plaintext
64 lines
2.0 KiB
Plaintext
[[webflux-roac]]
|
|
= @RegisteredOAuth2AuthorizedClient
|
|
|
|
Spring Security allows resolving an access token using `@RegisteredOAuth2AuthorizedClient`.
|
|
|
|
[NOTE]
|
|
====
|
|
A working example can be found in {gh-samples-url}/reactive/webflux/java/oauth2/webclient[*OAuth 2.0 WebClient WebFlux sample*].
|
|
====
|
|
|
|
After configuring Spring Security for xref:reactive/oauth2/login.adoc#webflux-oauth2-login[OAuth2 Login] or as an xref:reactive/oauth2/access-token.adoc#webflux-oauth2-client[OAuth2 Client], an `OAuth2AuthorizedClient` can be resolved using the following:
|
|
|
|
====
|
|
.Java
|
|
[source,java,role="primary"]
|
|
----
|
|
@GetMapping("/explicit")
|
|
Mono<String> explicit(@RegisteredOAuth2AuthorizedClient("client-id") OAuth2AuthorizedClient authorizedClient) {
|
|
// ...
|
|
}
|
|
----
|
|
|
|
.Kotlin
|
|
[source,kotlin,role="secondary"]
|
|
----
|
|
@GetMapping("/explicit")
|
|
fun explicit(@RegisteredOAuth2AuthorizedClient("client-id") authorizedClient: OAuth2AuthorizedClient?): Mono<String> {
|
|
// ...
|
|
}
|
|
----
|
|
====
|
|
|
|
This integrates into Spring Security to provide the following features:
|
|
|
|
* Spring Security will automatically refresh expired tokens (if a refresh token is present)
|
|
* If an access token is requested and not present, Spring Security will automatically request the access token.
|
|
** For `authorization_code` this involves performing the redirect and then replaying the original request
|
|
** For `client_credentials` the token is simply requested and saved
|
|
|
|
If the user authenticated using `oauth2Login()`, then the `client-id` is optional.
|
|
For example, the following would work:
|
|
|
|
====
|
|
.Java
|
|
[source,java,role="primary"]
|
|
----
|
|
@GetMapping("/implicit")
|
|
Mono<String> implicit(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
|
|
// ...
|
|
}
|
|
----
|
|
|
|
.Kotlin
|
|
[source,kotlin,role="secondary"]
|
|
----
|
|
@GetMapping("/implicit")
|
|
fun implicit(@RegisteredOAuth2AuthorizedClient authorizedClient: OAuth2AuthorizedClient?): Mono<String> {
|
|
// ...
|
|
}
|
|
----
|
|
====
|
|
|
|
This is convenient if the user always authenticates with OAuth2 Login and an access token from the same authorization server is needed.
|