SpringBoot Spring Security OAuth2 Client Authorized Clients for Spring MVC

Spring Security OAuth2 Client only supports authorized clients with WebClient, not RestTemplate (https://docs.spring.io/spring-security/reference/6.1/reactive/oauth2/client/authorized-clients.html).

While WebClient works for Spring MVC (Servlet), ReactiveOAuth2ClientAutoConfiguration is only enabled if the application is a reactive web application: https://github.com/spring-projects/spring-boot/blob/ae50fa6c70bbfa6871632c1d5f63fc255af6c500/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/reactive/ReactiveOAuth2ClientAutoConfiguration.java#L43-L56

Trying to use authorized clients with WebClient for Spring MVC fails because there is no ReactiveClientRegistrationRepository bean.

Therefore at the moment, it is not possible to use Spring Security OAuth2 Client Authorized Clients with Spring MVC.

Is there any issue enabling ReactiveOAuth2ClientAutoConfiguration even if the application is not a reactive web application? If not, maybe the @Conditional can be removed from ReactiveOAuth2ClientAutoConfiguration.

Comment From: wilkinsona

Thanks for the suggestion. Things used to work this way but the conditions were changed based on a recommendation from @rwinch. Some changes to this were discussed in https://github.com/spring-projects/spring-boot/issues/27839 but it didn't really reach a conclusion.

Have you seen this Spring Security sample that @mbhave linked to in #27839? It shows how a WebClient that uses authorized clients can be set up in a Servlet environment.

Comment From: daniel-shuy

My bad, didn't notice the documentation under the servlet applications section (https://docs.spring.io/spring-security/reference/6.1/servlet/oauth2/client/authorized-clients.html), I'll close this issue, thanks for the quick reply!