Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 16:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
spring-security/docs/modules/ROOT/pages/reactive/registered-oauth2-authorized-client.adoc
Steve Riesenberg 47087ba9c5 Revamp OAuth 2.0 Client reactive documentation 
Related gh-8174
2021-10-14 14:35:25 -05:00

64 lines
2.0 KiB
Plaintext
Raw Blame History

[[webflux-roac]]
= @RegisteredOAuth2AuthorizedClient
Spring Security allows resolving an access token using `@RegisteredOAuth2AuthorizedClient`.
[NOTE]
====
A working example can be found in {gh-samples-url}/reactive/webflux/java/oauth2/webclient[*OAuth 2.0 WebClient WebFlux sample*].
====
After configuring Spring Security for xref:reactive/oauth2/login.adoc#webflux-oauth2-login[OAuth2 Login] or as an xref:reactive/oauth2/oauth2-client.adoc#webflux-oauth2-client[OAuth2 Client], an `OAuth2AuthorizedClient` can be resolved using the following:
====
.Java
[source,java,role="primary"]
----
@GetMapping("/explicit")
Mono<String> explicit(@RegisteredOAuth2AuthorizedClient("client-id") OAuth2AuthorizedClient authorizedClient) {
// ...
}
----
.Kotlin
[source,kotlin,role="secondary"]
----
@GetMapping("/explicit")
fun explicit(@RegisteredOAuth2AuthorizedClient("client-id") authorizedClient: OAuth2AuthorizedClient?): Mono<String> {
// ...
}
----
====
This integrates into Spring Security to provide the following features:
* Spring Security will automatically refresh expired tokens (if a refresh token is present)
* If an access token is requested and not present, Spring Security will automatically request the access token.
** For `authorization_code` this involves performing the redirect and then replaying the original request
** For `client_credentials` the token is simply requested and saved
If the user authenticated using `oauth2Login()`, then the `client-id` is optional.
For example, the following would work:
====
.Java
[source,java,role="primary"]
----
@GetMapping("/implicit")
Mono<String> implicit(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
// ...
}
----
.Kotlin
[source,kotlin,role="secondary"]
----
@GetMapping("/implicit")
fun implicit(@RegisteredOAuth2AuthorizedClient authorizedClient: OAuth2AuthorizedClient?): Mono<String> {
// ...
}
----
====
This is convenient if the user always authenticates with OAuth2 Login and an access token from the same authorization server is needed.
Reference in New Issue View Git Blame Copy Permalink