Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

What is the difference between DefaultOAuth2AuthorizedClientManager and AuthorizedClientServiceOAuth2AuthorizedClientManager

Ask Question

Looking at the documentation , the only recommendation I found is

The DefaultOAuth2AuthorizedClientManager is designed to be used within the context of a HttpServletRequest. When operating outside of a HttpServletRequest context, use AuthorizedClientServiceOAuth2AuthorizedClientManager instead.

I could test that WebClient calls hang using the DefaultOAuth2AuthorizedClientManager outside the scope of a servlet request, however, nothing weird happens if I use AuthorizedClientServiceOAuth2AuthorizedClientManager inside the context of a servlet request. Then, what's the difference between the two of them?

The main difference as you noted from the docs is where they would be used. This may be less obvious from the outside looking in, but would be more obvious inside the framework. But perhaps an easier way to explain why they're different is to look at what they encapsulate.


    DefaultOAuth2AuthorizedClientManager

uses a


    OAuth2AuthorizedClientRepository

which has a method signature of


    loadAuthorizedClient(String clientRegistrationId, Authentication principal, HttpServletRequest request)


    AuthorizedClientServiceOAuth2AuthorizedClientManager

uses a


    OAuth2AuthorizedClientService

which has a method signature of


    loadAuthorizedClient(String clientRegistrationId, String principalName)

So DefaultOAuth2AuthorizedClientManager is what I guess you'd call "request based" and AuthorizedClientServiceOAuth2AuthorizedClientManager is "service based", which really just means everything else.

The API docs will be helpful here:

DefaultOAuth2AuthorizedClientManager

AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager

Update:

What would be the added value to have the request as a parameter?

As an interface, declaring that the loadAuthorizedClient method accepts the request as a parameter means any future implementation can use the request to influence its decision. The default implementation ( DefaultOAuth2AuthorizedClientManager ) does this, since the HttpSessionOAuth2AuthorizedClientRepository utilizes the request to access the session.

Thanks for the explanation Steve, but I'm still not sure I get the difference. What would be the added value to have the request as a parameter? – gmariotti May 13, 2021 at 9:36 As an interface, declaring that the


    loadAuthorizedClient

method accepts the request as a parameter means any future implementation can use the request to influence its decision. The default implementation does this, since the


    HttpSessionOAuth2AuthorizedClientRepository

utilizes the request to access the session. – Steve Riesenberg May 13, 2021 at 14:49

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question . Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers .