Spring Security Ensure Spring Security OAuth works well with Sagan

Summary

We should provide a pull request to Sagan to update to use the new Spring Security OAuth support. Along the way we should find any areas for improvements in Spring Security OAuth support and make them.

Comment From: jgrandja

@rwinch As mentioned, @bclozel is currently in the process of upgrading Sagan to Spring Boot 2. As soon as that is complete, I'll upgrade it to use the new OAuth client support.

Comment From: jgrandja

@bclozel I'm circling back to this issue and wondering if you have already updated Sagan to use Spring Security's OAuth client support?

Comment From: bclozel

Hey @jgrandja thanks for reaching out!

We're now using the Spring Security OAuth client support, see the security config class and the github client registration.

As far as I understand the only missing piece in our security arrangement would be to use Bearer tokens as an authentication mechanism for the API (see https://github.com/spring-io/sagan/issues/1025).

Comment From: jgrandja

Thanks for the update @bclozel !

Bearer token authentication could be configured by adding a BearerTokenAuthenticationFilter as @rwinch mentioned. Let me know if you need any help with this.

Comment From: jgrandja

Resolved as per comment.