Summary

I'm trying to set my WebClient to use OAuth 2.0 authentication with the password grant type, but can't find how to properly set the username and the password.

In my application, the relevant parameters are received in the form of a Map<String, String>. For this reason, I'm trying to do it programmatically (i.e., without the use of beans). My approach is probably wrong to begin with, though.

Actual Behavior

I'm unsure how to go around setting the username and password. According to this: "The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely".

Expected Behavior

I expect to be able to access protected resources by using the password grant type.

Configuration

Nothing in particular.

Version

    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webflux</artifactId>
      <version>5.2.3.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>io.projectreactor.netty</groupId>
      <artifactId>reactor-netty</artifactId>
      <version>0.9.4.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-web</artifactId>
      <version>5.1.7.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId>
      <version>5.1.7.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-oauth2-client</artifactId>
      <version>5.2.2.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security.oauth</groupId>
      <artifactId>spring-security-oauth2</artifactId>
      <version>2.3.7.RELEASE</version>
    </dependency>

Sample

This is the relevant code:

        OAuth20Info oAuth20Info = (OAuth20Info) parameters.getAuthenticationInfo();

        ClientRegistration registration = ClientRegistrations.fromOidcIssuerLocation(oAuth20Info.getHost() + ":" + oAuth20Info.getPort()) // host, port
            .clientId(oAuth20Info.getClientId()) // clientId
            .tokenUri(oAuth20Info.getTokenUrlPath()) // tokenUrlPath
            .authorizationGrantType(AuthorizationGrantType.PASSWORD) // grantType
            // TODO: How to set: username (oAuth20Info.getUsername()), password (oAuth20Info.getPassword())?
            .build();

        ReactiveClientRegistrationRepository clientRegistrations = new InMemoryReactiveClientRegistrationRepository(registration);

        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
            new ServerOAuth2AuthorizedClientExchangeFilterFunction(
                clientRegistrations,
                new UnAuthenticatedServerOAuth2AuthorizedClientRepository());

        return WebClient.builder().filter(oauth).build();

EDIT: I created a question in StackOverflow

Comment From: jgrandja

@Flood1993 Usage is documented in the reference. Please review the following 2 links:

As well, questions are better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.

Comment From: waqasdilawar

> @Flood1993 Usage is documented in the reference. Please review the following 2 links:
>
> As well, questions are better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.

Both of the provided links are broken.
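
An added example, not code from this thread or from the Spring Security project: one way to supply the username and password for the password grant without beans, assuming the Spring Security 5.2.2 client API from the question's dependency list. The resource owner's credentials are not part of the `ClientRegistration`; they are handed to the authorized client manager as context attributes. The map keys and the `backend` registration id are hypothetical, and `ClientRegistration.withRegistrationId` is used in place of the question's `fromOidcIssuerLocation` so that no discovery request is needed.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

public final class PasswordGrantWebClient {

    // Map keys ("clientId", "tokenUri", ...) are hypothetical names chosen for this example.
    public static WebClient build(Map<String, String> p) {
        ClientRegistration registration = ClientRegistration.withRegistrationId("backend")
            .clientId(p.get("clientId"))
            .clientSecret(p.get("clientSecret"))
            .tokenUri(p.get("tokenUri")) // absolute URL of the token endpoint
            .authorizationGrantType(AuthorizationGrantType.PASSWORD)
            .build();
        InMemoryReactiveClientRegistrationRepository registrations =
            new InMemoryReactiveClientRegistrationRepository(registration);

        // Manager that works outside of a ServerWebExchange (no HTTP request context).
        AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager manager =
            new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
                registrations, new InMemoryReactiveOAuth2AuthorizedClientService(registrations));
        manager.setAuthorizedClientProvider(
            ReactiveOAuth2AuthorizedClientProviderBuilder.builder().password().refreshToken().build());

        // The password provider reads the credentials from these context attributes.
        manager.setContextAttributesMapper(request -> {
            Map<String, Object> attrs = new HashMap<>();
            attrs.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, p.get("username"));
            attrs.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, p.get("password"));
            return Mono.just(attrs);
        });

        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
            new ServerOAuth2AuthorizedClientExchangeFilterFunction(manager);
        oauth.setDefaultClientRegistrationId("backend"); // apply to every request of this client
        return WebClient.builder().filter(oauth).build();
    }
}
```

If the username or password attribute is missing or empty, the password provider does not attempt authorization, so requests go out without a bearer token.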