Spring Security allow retrieval of access/refresh tokens in oauth 2

so I believe currently after OIDC retrieves the profile information it wipes the access token, refresh token, etc. However these are useful in making further calls to other APIs. It would be nice if that information could be made available via a property source, or maybe another method.

https://stackoverflow.com/q/56844287/206466

context: I'm trying to play with google playlists, just list them now

curl \
  'https://www.googleapis.com/youtube/v3/playlists?part=snippet%2CcontentDetails&maxResults=25&mine=true&key=[YOUR_API_KEY]' \
  --header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
  --header 'Accept: application/json' \
  --compressed

So I've got google login set up with Spring Boot 2.1.6, as follows (it works)

spring.security.oauth2.client.registration.google.client-id=...
spring.security.oauth2.client.registration.google.client-secret=...
spring.security.oauth2.client.registration.google.redirect-uri=http://localhost:8080/login/oauth2/code/google
spring.security.oauth2.client.provider.google.token-uri=https://oauth2.googleapis.com/token
spring.security.oauth2.client.provider.google.authorization-uri=https://accounts.google.com/o/oauth2/v2/auth
spring.security.oauth2.client.provider.google.user-info-uri=https://openidconnect.googleapis.com/v1/userinfo
spring.security.oauth2.client.provider.google.jwk-set-uri=https://www.googleapis.com/oauth2/v3/certs
spring.security.oauth2.client.provider.google.issuer-uri=https://accounts.google.com
spring.security.oauth2.client.registration.google.scope=profile,https://www.googleapis.com/auth/youtube

according to google google docs I should get an access/authorization token back during the requests spring makes. How can I retrieve this token so I can make further calls to API's such as youtube?

Comment From: jgrandja

@xenoterracide

after OIDC retrieves the profile information it wipes the access token, refresh token, etc

No, it doesn't get wiped out. You can retrieve the OAuth2AuthorizedClient via the OAuth2AuthorizedClientRepository or OAuth2AuthorizedClientService. The OAuth2AuthorizedClient contains the OAuth2AccessToken and optional OAuth2RefreshToken. See the ref doc for further info.

Also, a more convenient way of obtaining the OAuth2AuthorizedClient is via @RegisteredOAuth2AuthorizedClient.

I encourage you to read the ref doc as there is quite a bit of info there that will likely answer your questions. - OAuth 2.0 Client - OAuth 2.0 Login

Also, in the future, please post questions to StackOverflow as we prefer to keep GitHub for issue/bug tracking and new feature requests.

Comment From: xenoterracide

heh, funny thing I asked this on stackoverflow first, and included that link, too bad you didn't answer there now someone is asking me about the answer.

Comment From: jgrandja

@xenoterracide It's redundant to post the answer in both places. You can always reply to the user by providing a link to the answer here.

I noticed your comment on StackOverflow, which I found quite unnecessary.

Again, we prefer to use GitHub issues only for bugs and enhancements. Questions should be posted to StackOverflow.