Simplify registering a custom (Reactive)OAuth2AuthorizedClientProvider #13181

Closed
@jzheaux

Description

Specifying a custom OAuth2AuthorizedClientProvider requires specifying a number of other things as well:

```java
@Bean
public OAuth2AuthorizedClientManager authorizedClientManager(
        ClientRegistrationRepository clientRegistrationRepository,
        OAuth2AuthorizedClientRepository authorizedClientService) {
    // The only part that is actually being customized
    var custom = new JwtBearerOAuth2AuthorizedClientProvider();
    custom.setClockSkew(Duration.ofMinutes(2));
    // Everything below is wiring that must be repeated just to register it
    var authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
            clientRegistrationRepository, authorizedClientService);
    authorizedClientManager.setAuthorizedClientProvider(custom);
    return authorizedClientManager;
}
```

It would be nice to be able to focus only on the provider itself, like so:

```java
@Bean
public OAuth2AuthorizedClientProvider authorizedClientProvider() {
    var jwtBearer = new JwtBearerOAuth2AuthorizedClientProvider();
    jwtBearer.setClockSkew(Duration.ofMinutes(2));
    return jwtBearer;
}
```

It seems like this is already the pattern that is encouraged by the fact that OAuth2ClientConfiguration looks for the other components of OAuth2AuthorizedClientManager as beans.

I think it would be good to further simplify this configuration by also deprecating the lookup of OAuth2AccessTokenResponseClient for client credentials since this is a couple of layers of configuration deep. Instead, I think it would be better for folks to do:

```java
@Bean
public OAuth2AuthorizedClientProvider authorizedClientProvider() {
    var clientCredentials = new ClientCredentialsOAuth2AuthorizedClientProvider();
    // custom: the application's own OAuth2AccessTokenResponseClient for client credentials
    clientCredentials.setAccessTokenResponseClient(custom);
    return clientCredentials;
}
```

Or if more are needed then:

```java
@Bean
public OAuth2AuthorizedClientProvider authorizedClientProvider() {
    return OAuth2AuthorizedClientProviderBuilder.builder()
        .authorizationCode()
        .clientCredentials((client) -> client.accessTokenResponseClient(custom))
        .build();
}
```
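An added example, not part of the original issue and not Spring Security's own code: an application-side manager bean that picks up an `OAuth2AuthorizedClientProvider` bean when one is published and otherwise falls back to a builder default, which is the wiring the issue asks the framework to take over. The class name `AuthorizedClientManagerConfig` and the choice of default grant types are assumptions.

```java
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;

// Hypothetical configuration class; the name is an assumption for this example.
@Configuration
public class AuthorizedClientManagerConfig {

    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository clientRegistrationRepository,
            OAuth2AuthorizedClientRepository authorizedClientRepository,
            ObjectProvider<OAuth2AuthorizedClientProvider> customProvider) {
        // getIfAvailable returns the single provider bean if one exists and
        // fails at startup if several are defined, so an ambiguous setup
        // cannot silently select a grant flow the application did not intend.
        OAuth2AuthorizedClientProvider provider = customProvider.getIfAvailable(
                () -> OAuth2AuthorizedClientProviderBuilder.builder()
                        .authorizationCode()
                        .refreshToken()
                        .clientCredentials()
                        .build());

        var manager = new DefaultOAuth2AuthorizedClientManager(
                clientRegistrationRepository, authorizedClientRepository);
        manager.setAuthorizedClientProvider(provider);
        return manager;
    }
}
```

With this in place, any of the single-bean `authorizedClientProvider()` definitions shown above is enough to change the provider, and only the grant types it enables are available to the manager.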

Labels

in: oauth2 (An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose))
status: duplicate (A duplicate of another issue)
type: enhancement (A general enhancement)
