-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add OAuth2AuthorizedClientManager
autoconfiguration without spring-boot-starter-web
dependency
#15877
Comments
@yvasyliev thanks for reaching out! I think there might be some overlapping concepts regarding Spring Boot outlined in this issue, that should be clarified before we can discuss your use case.
Because of the above, some of what you ask in the issue isn't quite accurate in context. Also, I don't think this request could simply be moved to Spring Boot because much of what you're asking for here is still specific to Spring Security, but would not be implemented the way you mention above (using Spring Boot features). Regarding your use case:
When Spring Security automatically configures an
The presence of Spring Security itself is only automatically set up in Spring Boot web applications (e.g. when
I'm sorry you feel that it is too much boilerplate code. However, I think the bean configuration in your example is fairly reasonable and minimal given that what you're requesting isn't supported out of the box. Considering that the above is context for how things work now, what I think this request ends up asking is whether Spring Security can provide some kind of feature for initializing a non-web application with OAuth2 Client features, specifically using This is an interesting request and could be a compelling use case. For requests like this, we typically want to see how many users in the community are asking for this before deciding to tackle it. We do that by tracking upvotes on open issues over time and if quite a lot of community interest is demonstrated, we would decide to prioritize it at that point. Make sense? |
@sjohnr thanks for such a detailed explanation! I 100% agree. Let's see if anyone else needs this feature. 😊 |
Expected Behavior
I would like
org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager
to be an autoconfigured bean based onapplication.yml
properties, and without havingspring-boot-starter-web
dependency.My desirable state would be the following:
pom.xml
application.yml
MyServiceConfig.java
I would expect
oAuth2AuthorizedClientManager
to be an instance oforg.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
, because it exists outside the servlet context.Current Behavior
The application above fails to start:
Console output
If I add
spring-boot-starter-web
dependency to the project, theoAuth2AuthorizedClientManager
bean will be automatically created:pom.xml
But at the same time I'm having:
oAuth2AuthorizedClientManager
is instance oforg.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
.spring.main.web-application=none
property will disable server startup andOAuth2AuthorizedClientManager
autoconfiguration.Context
I'm building a Spring Boot (not web!) application that communicates with external REST services. I want to utilize HTTP Interface based on
RestClient
with OAuth interceptor. And I don't really want to addspring-boot-starter-web
to my project, because it includes HTTP server that I won't use.It would be awesome if
OAuth2AuthorizedClientManager
bean was automatically created in case ofspring.security.oauth2.client.*
properties existence inapplication.yml
just likespring-boot-starter-web
does.I can achieve the desired outcome by manual
OAuth2AuthorizedClientManager
configuration:MyServiceConfig.java
But there's too much boilerplate code.
The text was updated successfully, but these errors were encountered: