When using a custom OAuth2 provider, its discovery occurs during the application startup, which complicates the use of HTTP mock servers.

If the application defines a default issuer-uri - in order to ease configuration management in multiple environments - then it is not possible to reset the value to null in unit tests.

    spring:
      security:
        oauth2:
          client:
            registration:
              example-client-api1:
                provider: my-company-oauth2-server
                client-id: xxx
                client-secret: xxx
                authorization-grant-type: client_credentials
                scope: scope1
            provider:
              my-company-oauth2-server:
                issuer-uri: https://my-company-oauth2-server/oauth2

Defining spring.security.oauth2.client.provider.my-company-oauth2-server.issuer-uri= results in the property being an empty string. The consequence is that the unit test will call the discovery endpoint even if we define a custom endpoint (access_token in this case). This is due to the behavior of OAuth2ClientPropertiesRegistrationAdapter#getBuilderFromIssuerIfPossible.

I often use mock-server, which allows an actual connection to be made to an HTTP server with a dynamic port. Since the OAuth2 discovery occurs during the application start, many mock servers (in this case mock-server) make it difficult or complicated to use a dynamic port and set up expectations before the Spring application initialization.

This evolution makes Spring Boot consider that an empty issuer-uri is similar to an unspecified one, thus making it easy to configure a test with no issuer:

    @MockServerTest({
        "spring.security.oauth2.client.provider.my-company-oauth2-server.issuer-uri=",
        "spring.security.oauth2.client.provider.my-company-oauth2-server.token-uri=http://localhost:${mockServerPort}/oauth2/access_token"
    })

An alternative with the current implementation is to define the issuer-uri in a profile, which is activated by default and deactivated in the tests.
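
One way to lay out the profile-based alternative described above, as an added example that is not part of the original post or of Spring Boot's own code. It assumes a profile named `test` that only tests activate, and it uses a negated profile expression instead of a separately named default-on profile.

```yaml
# application.yml (constructed example; the profile name "test" is an assumption)

# Document 1: always loaded. The client registration carries no issuer,
# so nothing in this document triggers OAuth2 discovery.
spring:
  security:
    oauth2:
      client:
        registration:
          example-client-api1:
            provider: my-company-oauth2-server
            client-id: xxx
            client-secret: xxx
            authorization-grant-type: client_credentials
            scope: scope1
---
# Document 2: loaded only when the "test" profile is NOT active.
# Every non-test environment keeps issuer-based discovery at startup.
spring:
  config:
    activate:
      on-profile: "!test"
  security:
    oauth2:
      client:
        provider:
          my-company-oauth2-server:
            issuer-uri: https://my-company-oauth2-server/oauth2

# With "test" active, the issuer-uri property is absent rather than empty,
# so the provider is built only from the endpoints the test supplies
# (the token-uri passed through @MockServerTest in the post above).
```

A test class then adds `@ActiveProfiles("test")` and keeps only the `token-uri` entry in `@MockServerTest`. If the `test` profile is active and no `token-uri` is supplied, the provider has no token endpoint, so the misconfiguration surfaces instead of silently falling back to the real issuer.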

Comment From: wilkinsona

Thanks for the proposal. We have already considered making this change in https://github.com/spring-projects/spring-boot/issues/28139 and decided not to do so. Defining the issuer URI in a profile is our recommended approach at this time. https://github.com/spring-projects/spring-boot/issues/24133 is tracking a more general solution.

Comment From: natrem

Sorry for missing the issue in my search (not thorough enough) - and the lost time. Thank you for checking.