Expected Behavior
Add some support for an OIDC Discovery endpoint Configuration URL, like This Document from IBM WAS.
Finally it will look like:
spring.security.oauth2.client.provider.[providerId].well-known-uri
It can reduce a lot of the properties configuration that should be maintained by the IdP.
google:
  well-known-uri: "https://accounts.google.com/.well-known/openid-configuration"
  user-name-attribute: sub
Current Behavior
spring:
  security:
    oauth2:
      client:
        provider:
          okta:
            authorization-uri: https://your-subdomain.oktapreview.com/oauth2/v1/authorize
            token-uri: https://your-subdomain.oktapreview.com/oauth2/v1/token
            user-info-uri: https://your-subdomain.oktapreview.com/oauth2/v1/userinfo
            user-name-attribute: sub
            jwk-set-uri: https://your-subdomain.oktapreview.com/oauth2/v1/keys
Context
It's an enhancement for oauth2-client for some products. It can reduce a lot of configuration.
And I see some related classes, which would be:
org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper
org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.Provider
About the dependency issue: spring-security-oauth2-client requires spring-web. I think it won't be a fuss to use RestTemplate or just directly use URLConnection.
[INFO] | +- org.springframework.security:spring-security-oauth2-client:jar:6.4.2:compile (version managed from 6.4.2)
[INFO] | | +- (org.springframework.security:spring-security-core:jar:6.4.2:compile - version managed from 6.4.2; omitted for duplicate)
[INFO] | | +- org.springframework.security:spring-security-oauth2-core:jar:6.4.2:compile (version managed from 6.4.2)
[INFO] | | | +- (org.springframework.security:spring-security-core:jar:6.4.2:compile - version managed from 6.4.2; omitted for duplicate)
[INFO] | | | +- (org.springframework:spring-core:jar:6.2.1:compile - version managed from 6.2.1; omitted for duplicate)
[INFO] | | | \- (org.springframework:spring-web:jar:6.2.1:compile - version managed from 6.2.1; omitted for duplicate)
[INFO] | | +- (org.springframework.security:spring-security-web:jar:6.4.2:compile - version managed from 6.4.2; omitted for duplicate)
[INFO] | | +- (org.springframework:spring-core:jar:6.2.1:compile - version managed from 6.2.1; omitted for duplicate)
[INFO] | | \- com.nimbusds:oauth2-oidc-sdk:jar:9.43.4:compile
[INFO] | | +- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] | | +- com.nimbusds:content-type:jar:2.2:compile
[INFO] | | +- (net.minidev:json-smart:jar:2.5.1:compile - version managed from [1.3.3,2.4.10]; omitted for duplicate)
[INFO] | | +- com.nimbusds:lang-tag:jar:1.7:compile
[INFO] | | \- (com.nimbusds:nimbus-jose-jwt:jar:9.37.3:compile - omitted for duplicate)
Comment From: sjohnr
@eeoun thanks for reaching out!
Add some support for OIDC Discovery endpoint Configuration URL
This is already supported, as documented in Spring Boot Property Mappings with the note:
A ClientRegistration can be initially configured using discovery of an OpenID Connect Provider's Configuration endpoint or an Authorization Server's Metadata endpoint, by specifying the spring.security.oauth2.client.provider.[providerId].issuer-uri property.
I'm going to close this issue as already supported.
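As an added illustration (not code from this issue, from Spring Boot or from Spring Security), the function below models what issuer-uri discovery has to do before it can replace the per-endpoint properties in the okta example above: fetch issuer + /.well-known/openid-configuration, refuse a document whose issuer does not match the configured one, and map the metadata keys onto the Spring property names. The metadata document is a constructed sample with the issue's placeholder domain, and the property names are taken from the issue, not from OAuth2ClientPropertiesMapper.

```python
import json
from urllib.parse import urlsplit

# Spring Boot provider property (from the issue) -> OIDC discovery metadata key
PROPERTY_MAP = {
    "authorization-uri": "authorization_endpoint",
    "token-uri": "token_endpoint",
    "user-info-uri": "userinfo_endpoint",
    "jwk-set-uri": "jwks_uri",
}

def metadata_url(issuer: str) -> str:
    """Well-known location derived from the issuer, as OpenID Connect Discovery 1.0 defines it."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def map_discovery(issuer: str, metadata_json: str) -> dict:
    """Validate a discovery document and map it onto Spring-style provider properties.
    Raises ValueError for a document that must not be trusted."""
    doc = json.loads(metadata_json)
    # The document must claim exactly the issuer the client was configured with;
    # otherwise a wrong or substituted document would silently point the client elsewhere.
    if doc.get("issuer", "").rstrip("/") != issuer.rstrip("/"):
        raise ValueError(f"issuer mismatch: expected {issuer}, got {doc.get('issuer')!r}")
    props = {}
    for prop, key in PROPERTY_MAP.items():
        value = doc.get(key)
        if value is None:
            if prop == "user-info-uri":
                continue  # userinfo_endpoint is optional in the discovery spec
            raise ValueError(f"discovery document lacks required {key}")
        if urlsplit(value).scheme != "https":  # endpoints must be TLS-protected
            raise ValueError(f"{key} must be https, got {value}")
        props[prop] = value
    return props

# Constructed sample metadata, using the placeholder domain from the issue
SAMPLE_METADATA = json.dumps({
    "issuer": "https://your-subdomain.oktapreview.com",
    "authorization_endpoint": "https://your-subdomain.oktapreview.com/oauth2/v1/authorize",
    "token_endpoint": "https://your-subdomain.oktapreview.com/oauth2/v1/token",
    "userinfo_endpoint": "https://your-subdomain.oktapreview.com/oauth2/v1/userinfo",
    "jwks_uri": "https://your-subdomain.oktapreview.com/oauth2/v1/keys",
})

if __name__ == "__main__":
    print(metadata_url("https://your-subdomain.oktapreview.com"))
    print(map_discovery("https://your-subdomain.oktapreview.com", SAMPLE_METADATA))
```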