Describe the bug Auth Manager
Despite doing this,
@Configuration
internal class OAuth2AuthorizedManagerConfig {
private val logger: Logger = LoggerFactory.getLogger(OAuth2AuthorizedManagerConfig::class.java)
@Bean
fun reactiveAuthorizedClientManager(
reactiveClientRegistrationRepository: ReactiveClientRegistrationRepository,
redisServerOAuth2AuthorizedClientRepository: RedisServerOAuth2AuthorizedClientRepository,
reactiveAuthorizedClientProvider: ReactiveOAuth2AuthorizedClientProvider,
): ReactiveOAuth2AuthorizedClientManager {
logger.info("Creating DefaultReactiveOAuth2AuthorizedClientManager instance")
// create the AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager instance
val reactiveAuthorizedClientManager = DefaultReactiveOAuth2AuthorizedClientManager(
reactiveClientRegistrationRepository,
redisServerOAuth2AuthorizedClientRepository
)
logger.info("Setting ReactiveOAuth2AuthorizedClientProvider")
// set the authorized client provider to the manager
reactiveAuthorizedClientManager.setAuthorizedClientProvider(reactiveAuthorizedClientProvider)
logger.info("ReactiveOAuth2AuthorizedClientManager configured successfully")
return reactiveAuthorizedClientManager
}
}
Security Chain
And adding this to my security chain:
``` http.oauth2Login { oauth2 -> oauth2.authorizationRequestResolver(oauthAuthorizationRequestResolver) oauth2.authorizationRequestRepository(redisAuthorizationRequestRepository)
oauth2.authorizationRedirectStrategy(preAuthorizationCodeRedirectStrategy)
oauth2.authenticationSuccessHandler(delegatingAuthenticationSuccessHandler)
oauth2.authenticationFailureHandler(oauth2ServerAuthenticationFailureHandler)
oauth2.securityContextRepository(redisSecurityContextRepository)
**oauth2.authorizedClientRepository(redisAuthorizedClientRepository)**
oauth2.clientRegistrationRepository(reactiveClientRegistrationRepository)
}
```
It did not work....
Instead, I had to additionally add this to the security chain (I left the reactiveAuthorizedClientManager as it was, calling the repository implementation)
oauth2.authorizedClientService(redisReactiveOAuth2AuthorizedClientService)
Only then did this work.
To Reproduce Steps to reproduce the behavior.
Expected behavior
Given that the Redis implementation of redisReactiveOAuth2AuthorizedClientService and redisAuthorizedClientRepository are almost exactly the same, there should really be no reason to have to hook redisReactiveOAuth2AuthorizedClientService into the security chain, when redisAuthorizedClientRepository is hooked already, and also present in reactiveAuthorizedClientManager.
Or maybe I'm missing something?
Sample
A link to a GitHub repository with a minimal, reproducible sample.
Reports that include a sample will take priority over reports that do not. At times, we may require a sample, so it is good to try and include a sample up front.
Comment From: dreamstar-enterprises
I think I resolved this. I removed authorizedClientService from my main security chain. I think there is a class that says if you cannot find authorizedClientRepository, then instead use the Service. But the Service implementation is slightly different, and. has no access to the exchange. Anyway, I completely removed my service implementation, and everything seemed to work . Closing issue
Comment From: dreamstar-enterprises
Closing