Spring Security Confusion over userNameAttributeName usage during loading in DefaultOAuth2UserService#loadUser

Describe the bug In the process of oidc authentication by default oauth2 client, I think DefaultOAuth2UserService#loadUser can directly parse the information sent from the oidcUserInfo json by the request userinfo endpoint correctly.

But in return new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName); No subject exception is thrown in java.lang.IllegalArgumentException: Missing attribute 'sub' in attributes

To Reproduce just use authorization server and enable oidc ,client enable oauth2 maven dependency is :

      <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
        <version>3.1.2</version>
      </dependency>

Expected behavior I don't have to spring.security.oauth2.client.provider.meta-live-client-web.user-name-attribute set, So in the loadUser method, the default userNameAttributeName is sub, and I'm pretty sure I've set sub in the userInfo endpoint, During debug, the client can see that a sub and a subject exist for userAttributes, but the exception is still raised during construction of DefaultOAuth2User.I think that is a bug.

Comment From: 588q9

here is my problem happen field:

public DefaultOAuth2User(Collection<? extends GrantedAuthority> authorities, Map<String, Object> attributes,
            String nameAttributeKey) {
        Assert.notEmpty(attributes, "attributes cannot be empty");
        Assert.hasText(nameAttributeKey, "nameAttributeKey cannot be empty");
        if (!attributes.containsKey(nameAttributeKey)) {
            throw new IllegalArgumentException("Missing attribute '" + nameAttributeKey + "' in attributes");
        }
        this.authorities = (authorities != null)
                ? Collections.unmodifiableSet(new LinkedHashSet<>(this.sortAuthorities(authorities)))
                : Collections.unmodifiableSet(new LinkedHashSet<>(AuthorityUtils.NO_AUTHORITIES));
        this.attributes = Collections.unmodifiableMap(new LinkedHashMap<>(attributes));
        this.nameAttributeKey = nameAttributeKey;
    }

if (!attributes.containsKey(nameAttributeKey)) is that problem key,I sure attributes is have a claims that have sub,but in this field I just can see subject in the attributes first(In fact,in the attributes All arguments are spelled in full only the claims are abbreviated), so that can't check attributes have sub

Comment From: sjohnr

Thanks for reaching out @588q9! Apologies with the delay but I only found this issue while reviewing older issues. Unfortunately, I am not able to determine whether there is any issue with the framework from the information provided. Please provide a minimal, reproducible sample to help with troubleshooting. If you aren't able to provide one, I will go ahead and close this issue.

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.

Comment From: Relect

same problem