I'm implementing an OAuth2 client in Spring Boot 2, using Spring Security 5. I'm unclear how I'm supposed to use OAuth2AuthorizedClientManager vs OAuth2AuthorizedClientService. OAuth2AuthorizedClientManager was introduced in 5.2 so it's a newer API, but OAuth2AuthorizedClientService seems like a more polished client interface. I expected OAuth2AuthorizedClientService would be configurable with an OAuth2AuthorizedClientManager but that doesn't seem to be the case.

Importantly, I needed to customize the OAuth2AccessTokenResponseHttpMessageConverter to customize the request sent to the authorization server. That's available on the OAuth2AuthorizedClientManager but I can't figure out how to do that from the OAuth2AuthorizedClientService.

My code that registers an OAuth2AccessTokenResponseHttpMessageConverter.

  @Bean
  public OAuth2AuthorizedClientManager authorizedClientManager(ClientRegistrationRepository clientRegistrationRepository,
                                                               OAuth2AuthorizedClientService oAuth2AuthorizedClientService) {
    // Token response client for the client_credentials grant, using a custom
    // request entity converter (a class of the asker's that is not shown here)
    DefaultClientCredentialsTokenResponseClient defaultClientCredentialsTokenResponseClient = new DefaultClientCredentialsTokenResponseClient();
    defaultClientCredentialsTokenResponseClient.setRequestEntityConverter(new OAuth2ClientCredentialsGrantJWTAssertionRequestEntityConverter());
    // Provider that performs the client_credentials grant through that token response client
    OAuth2AuthorizedClientProvider authorizedClientProvider =
        OAuth2AuthorizedClientProviderBuilder.builder()
          .clientCredentials(clientCredentialsGrantBuilder -> {
            clientCredentialsGrantBuilder.accessTokenResponseClient(defaultClientCredentialsTokenResponseClient);
          })
          .build();
    // Declared with the concrete type so setAuthorizedClientProvider needs no cast
    AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager
        = new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientService);
    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
    return authorizedClientManager;
  }

@peater, our auth server uses JWT assertions (tools.ietf.org/html/rfc7523) instead of client ID and client secret
– pnewhook
Nov 18, 2019 at 19:33

If you need to send a custom request I think you want to customize OAuth2AuthorizationCodeGrantRequestEntityConverter
– peater
Nov 18, 2019 at 20:11
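
The question's code plugs a request entity converter into DefaultClientCredentialsTokenResponseClient, and the first comment says the authorization server expects JWT assertions (RFC 7523) instead of a client ID and secret. The following is an added example of such a converter, not the asker's OAuth2ClientCredentialsGrantJWTAssertionRequestEntityConverter (which the page does not show) and not Spring Security's own code. Assumptions: the class name, an RSA signing key with RS256, a 60-second assertion lifetime, the token endpoint URI as audience, and Nimbus JOSE+JWT on the classpath.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.*;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.util.*;
import java.net.URI;
import java.security.PrivateKey;
import java.time.Instant;
import java.util.*;

// Hypothetical class (added example): builds an RFC 7523 client-assertion token request.
public class JwtAssertionRequestEntityConverter
    implements Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>> {
  private final PrivateKey signingKey; // assumption: this client's RSA private key
  public JwtAssertionRequestEntityConverter(PrivateKey signingKey) { this.signingKey = signingKey; }

  @Override
  public RequestEntity<?> convert(OAuth2ClientCredentialsGrantRequest request) {
    ClientRegistration reg = request.getClientRegistration();
    String tokenUri = reg.getProviderDetails().getTokenUri();
    Instant now = Instant.now();
    JWTClaimsSet claims = new JWTClaimsSet.Builder()
        .issuer(reg.getClientId()).subject(reg.getClientId()) // iss = sub = client_id
        .audience(tokenUri)                                   // ties the assertion to this token endpoint
        .jwtID(UUID.randomUUID().toString())                  // unique jti lets the server reject replays
        .issueTime(Date.from(now))
        .expirationTime(Date.from(now.plusSeconds(60)))       // short lifetime limits a leaked assertion
        .build();
    SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
    try {
      jwt.sign(new RSASSASigner(signingKey));
    } catch (JOSEException e) {
      throw new IllegalStateException("Could not sign client assertion", e);
    }
    // No client_secret and no HTTP Basic header: the signed JWT is the client credential.
    MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
    form.add("grant_type", "client_credentials");
    form.add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
    form.add("client_assertion", jwt.serialize());
    if (!reg.getScopes().isEmpty()) form.add("scope", String.join(" ", reg.getScopes()));
    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
    return new RequestEntity<>(form, headers, HttpMethod.POST, URI.create(tokenUri));
  }
}
```

An instance of this class would be passed to setRequestEntityConverter in the bean method above in place of the asker's converter.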