Describe the bug
https://docs.spring.io/spring-security/reference/servlet/oauth2/client/authorization-grants.html
says you can do ClientRegistration.withRegistrationId("...").principal(...);, no such method exists
following that, this doesn't compile due to the wrong type, but the documentation says it should
val registration = ClientRegistration.withRegistrationId("devexchange").build();
clientService.authorize(registration)
I'm using 5.7.3 and the docs have 5.7.3 selected. I'm not even sure how this happened? because this was new in 5.x right? so the published API's shouldn't have changed...
Comment From: jzheaux
Thanks for posting this, @xenoterracide. I'm not clear on where you are looking in the documentation, though. The link you gave talks about
OAuth2AuthorizeRequest.withClientRegistrationId("okta").principal(authentication)
which does exist. Can you update the link to where you are seeing the incorrect documentation or point out what I've overlooked?
Comment From: xenoterracide
it doesn't for me... no such method, even when I jump into sources I haven't been able to find the principal method
❯ fd gradle.lockfile -x grep security {} | awk -F'=' '{ print $1 }' | sort -u
org.springframework.security:spring-security-config:5.7.3
org.springframework.security:spring-security-core:5.7.3
org.springframework.security:spring-security-crypto:5.7.3
org.springframework.security:spring-security-oauth2-client:5.7.3
org.springframework.security:spring-security-oauth2-core:5.7.3
org.springframework.security:spring-security-oauth2-jose:5.7.3
org.springframework.security:spring-security-rsa:1.0.11.RELEASE
org.springframework.security:spring-security-test:5.7.3
org.springframework.security:spring-security-web:5.7.3
doesn't compile due to missing method
package e1.configuration.feign
import com.github.tomakehurst.wiremock.client.WireMock.get
import com.github.tomakehurst.wiremock.client.WireMock.ok
import com.github.tomakehurst.wiremock.client.WireMock.post
import com.github.tomakehurst.wiremock.client.WireMock.stubFor
import org.assertj.core.api.Assertions.assertThat
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock
import org.springframework.cloud.openfeign.FeignClient
import org.springframework.security.oauth2.client.registration.ClientRegistration
import org.springframework.security.oauth2.core.OAuth2AccessToken
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
import org.springframework.web.bind.annotation.GetMapping
import wiremock.com.fasterxml.jackson.databind.node.JsonNodeFactory
import java.time.Duration
import java.util.UUID
@SpringBootTest
@AutoConfigureWireMock(port = 0)
internal class DevExchangeOauth2FeignRequestInterceptorTest {
@Test
fun oauth( @Autowired fooRepo: FooRepo) {
ClientRegistration.withRegistrationId("...").principal(null)
}
}
now I'm mad at myself for not doing a better job of documentating the location. I can swear I saw it 3 times on the same page...
Comment From: xenoterracide
yep, in my hours and hours of hunting down how to do client credentials without a servlet container I confused these 2
OAuth2AuthorizeRequest.withClientRegistrationId("").principal(null)
ClientRegistration.withRegistrationId("...").principal(null)
Comment From: jzheaux
Glad you were able to sort it out.