Issue

I try to set the property spring.security.oauth2.client.registration.[registrationId].redirect-uri (did not want to use the default /login/oauth2/code/[registrationId]) in Spring webflux and end up in an infinite loop of redirects. This works for plain Spring web project though. I would expect it to work for webflux as well.

I was looking at the webflux documentation for setting up redirect URI at https://docs.spring.io/spring-security/site/docs/5.1.1.RELEASE/reference/html/webflux-oauth2.html#webflux-oauth2-login-sample-redirect and there is no note on overriding the redirect-uri there and therefore I was not quite sure if that parameter setting is available for webflux.

To Reproduce

Thanks to @anydoby for setting up the sample projects below to reproduce this issue (https://github.com/oktadev/okta-spring-webclient-example/issues/2 & https://github.com/okta/okta-spring-boot/issues/388).

Webflux: https://github.com/anydoby/okta-webflux

Spring Web: https://github.com/anydoby/okta-springmvc

Expected behavior

I would have expected the webflux app to have redirected to the redirect-uri defined in spring.security.oauth2.client.registration.[registrationId].redirect-uri property.

Sample

Webflux: https://github.com/anydoby/okta-webflux

Spring Web: https://github.com/anydoby/okta-springmvc

Comment From: sjohnr

@arvindkrishnakumar-okta, thanks for getting in touch. Please see the section of the docs on the Redirection Endpoint. You will need to override the redirection endpoint for the filter using .oauth2Login().authenticationMatcher() to match your custom redirect-uri setting.

Note: The reactive section of the docs for OAuth2 was rewritten in 5.6. You'll want to check the latest version of the docs linked from spring.io/projects/spring-security#learn.

I'm going to close this issue for now, but if you still need help please let me know.
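
A configuration sketch of the fix described in the comment above, added here as an example and not taken from the thread or the linked sample projects. It assumes Spring Security 5.2 or later (lambda DSL); the registration id `okta` and the callback path `/login/oauth2/callback/{registrationId}` are placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;

// Assumed application.properties entry (registration id and path are placeholders):
//   spring.security.oauth2.client.registration.okta.redirect-uri={baseUrl}/login/oauth2/callback/{registrationId}
//
// The same callback URL must also be registered as an allowed redirect URI
// with the authorization server.

@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {

    // Path portion of the redirect-uri property above. The login filter only
    // processes authorization responses that arrive on a path matching this
    // pattern, so the two values have to stay in sync.
    private static final String CALLBACK_PATTERN = "/login/oauth2/callback/{registrationId}";

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
            // Every exchange requires an authenticated user.
            .authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
            // Replace the default matcher (/login/oauth2/code/{registrationId})
            // with one that matches the custom redirect URI.
            .oauth2Login(oauth2 -> oauth2
                .authenticationMatcher(
                    new PathPatternParserServerWebExchangeMatcher(CALLBACK_PATTERN)));
        return http.build();
    }
}
```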