Spring Security security:client-registrations doesn't take propertyconfigurer properties

Using Spring Security 5.3.1.RELEASE

I use XML based configuration for most security setup as I have customizations that need to be dynamically processed.

Using <security:client-registrations... Everything works fine if I hardcode the client-id and client-secret but using a propertyConfigurer the values aren't used.

I have this setup for the propertyConfigurer

<context:property-placeholder location="file:${app.properties}"/>

app.properties contains these values:

oauth2.client.id=<redacted> oauth2.client.secret=<redacted>

client-registrations is setup like this:

<security:client-registrations>
    <security:client-registration registration-id="github"
                         client-id="${oauth2.client.id}"
                         client-secret="${oauth2.client.secret}"
                         provider-id="github"/>
  </security:client-registrations>

Values are not propagated even though in other beans (not in the security namespace) are propagated through the propertyConfigurer.

Comment From: jgrandja

@richardcs Property placeholders are not taken into account with the initial support for xml config. This would be an enhancement we can certainly add.

Would you be interested in submitting a PR for this?

Comment From: richardcs

I can definitely take a look. Could you give me some pointers about how that enhancement would be added?

Comment From: jgrandja

@richardcs I would have to spend some time myself to figure out how it can be done. Please see if you can figure it out and if you're having issues then I can jump in and help out.

Comment From: rwinch

@richardcs Thanks for looking into this See if this commit helps you https://github.com/spring-projects/spring-security/commit/4542f00b14ba6dc8bb8c1cf4365dc7dad5fe5a3c

Comment From: evgeniycheban

I can work on it.

Comment From: jgrandja

Thanks @evgeniycheban ! The issue is yours.

Comment From: evgeniycheban

@jgrandja I've submitted PR. Please take a look when you have a moment.

Comment From: abhishek-bafna-amdhan

@jzheaux I am wondering if a similar issue might also apply to SAML integration within Spring Security. I have encountered the same issue and created an issue https://github.com/spring-projects/spring-security/issues/14645