Inconsistent ReactiveOAuth2UserService in OAuth2LoginSpec #15846

Open
blacelle opened this issue Sep 24, 2024 · 1 comment · May be fixed by #15848
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug

Comments

@blacelle

Describe the bug
The way to configure a ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> in OAuth2LoginSpec is inconsistent.

More specifically:

  • OAuth2LoginReactiveAuthenticationManager constructor is called with getOauth2UserService(), which searches for a bean of type ReactiveOAuth2UserService and otherwise falls back to DefaultReactiveOAuth2UserService
  • OidcReactiveOAuth2UserService is instantiated by its default constructor, without relying on getOauth2UserService()

		private ReactiveAuthenticationManager createDefault() {
			[...]
			OAuth2LoginReactiveAuthenticationManager oauth2Manager = new OAuth2LoginReactiveAuthenticationManager(
					client, getOauth2UserService());
			[...]
		}

		private ReactiveOAuth2UserService<OidcUserRequest, OidcUser> getOidcUserService() {
			ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class,
					OidcUserRequest.class, OidcUser.class);
			ReactiveOAuth2UserService<OidcUserRequest, OidcUser> bean = getBeanOrNull(type);
			if (bean != null) {
				return bean;
			}
			return new OidcReactiveOAuth2UserService();
		}

This leads to an inconsistent ReactiveOAuth2UserService across the components created by OAuth2LoginSpec.

To Reproduce

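import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.web.server.SecurityWebFilterChain;

@EnableWebFluxSecurity
@Import({
		// Register the custom user service as a bean
		CustomOAuth2UserService.class,
})
@Slf4j
@SpringBootApplication(scanBasePackages = "none")
public class InconsistentOAuth2UserDetailsServiceApp {
	public static class CustomOAuth2UserService extends DefaultOAuth2UserService {

	}

	@Bean
	public SecurityWebFilterChain configureUi(ServerHttpSecurity http) {
		return http.build();
	}

	public static void main(String[] args) {
		SpringApplication.run(InconsistentOAuth2UserDetailsServiceApp.class);
	}

}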

Expected behavior
Given a bean of type ReactiveOAuth2UserService, it should be injected into all components needing one, especially OidcReactiveOAuth2UserService, as is done for OAuth2LoginReactiveAuthenticationManager.

@blacelle
Author

Workaround: provide an OidcReactiveOAuth2UserService bean with the relevant ReactiveOAuth2UserService:

	@Bean
	public OidcReactiveOAuth2UserService oidcReactiveOAuth2UserService(
			ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService) {
		OidcReactiveOAuth2UserService oidcReactiveOAuth2UserService = new OidcReactiveOAuth2UserService();

		oidcReactiveOAuth2UserService.setOauth2UserService(oauth2UserService);

		return oidcReactiveOAuth2UserService;
	}
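
A fuller configuration built around the workaround above, added here as an example (it is not code from the issue or from Spring Security): one customized ReactiveOAuth2UserService bean is defined and explicitly handed to the OIDC service, so the plain OAuth2 path and the OIDC UserInfo path use the same HTTP client settings. The class name SharedUserServiceConfig, the 5-second response timeout, Reactor Netty on the classpath, and a ReactiveClientRegistrationRepository supplied elsewhere (for example by Spring Boot properties) are assumptions.

```java
import java.time.Duration;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.netty.http.client.HttpClient;

@Configuration
@EnableWebFluxSecurity
public class SharedUserServiceConfig { // hypothetical class name

	// Customized user service: UserInfo calls go through a WebClient with a bounded response time (assumed value)
	@Bean
	public ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService() {
		HttpClient httpClient = HttpClient.create().responseTimeout(Duration.ofSeconds(5));
		DefaultReactiveOAuth2UserService service = new DefaultReactiveOAuth2UserService();
		service.setWebClient(WebClient.builder()
				.clientConnector(new ReactorClientHttpConnector(httpClient)).build());
		return service;
	}

	// OIDC service found by the bean lookup in getOidcUserService(); it delegates to the bean above
	@Bean
	public ReactiveOAuth2UserService<OidcUserRequest, OidcUser> oidcUserService(
			ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService) {
		OidcReactiveOAuth2UserService oidc = new OidcReactiveOAuth2UserService();
		oidc.setOauth2UserService(oauth2UserService);
		return oidc;
	}

	// oauth2Login() is what creates the OAuth2LoginSpec that resolves both beans
	@Bean
	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
		return http.authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
				.oauth2Login(Customizer.withDefaults())
				.build();
	}
}
```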

kse-music added a commit to kse-music/spring-security that referenced this issue Sep 25, 2024
jzheaux pushed a commit to kse-music/spring-security that referenced this issue Sep 30, 2024
kse-music added a commit to kse-music/spring-security that referenced this issue Oct 4, 2024