You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
The way to configure a ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> in OAuth2LoginSpec is inconsistent.
More specifically:
OAuth2LoginReactiveAuthenticationManager constructor is called over getOauth2UserService() which search for a bean of type ReactiveOAuth2UserService, else fallback on DefaultReactiveOAuth2UserService
OidcReactiveOAuth2UserService is instanciated by its default constructor, without relying on getOauth2UserService()
private ReactiveOAuth2UserService<OidcUserRequest, OidcUser> getOidcUserService() {
ResolvableType type = ResolvableType.forClassWithGenerics(ReactiveOAuth2UserService.class,
OidcUserRequest.class, OidcUser.class);
ReactiveOAuth2UserService<OidcUserRequest, OidcUser> bean = getBeanOrNull(type);
if (bean != null) {
return bean;
}
return new OidcReactiveOAuth2UserService();
}
This leads to inconsistent ReactiveOAuth2UserService through the components created by OAuth2LoginSpec.
To Reproduce
@EnableWebFluxSecurity
@Import({
CustomOAuth2UserService.class,
})
@Slf4j
@SpringBootApplication(scanBasePackages = "none")
public class InconsistentOAuth2UserDetailsServiceApp {
public static class CustomOAuth2UserService extends DefaultOAuth2UserService {
}
@Bean
public SecurityWebFilterChain configureUi(ServerHttpSecurity http) {
return http.build();
}
public static void main(String[] args) {
SpringApplication.run(InconsistentOAuth2UserDetailsServiceApp.class);
}
}
Expected behavior
Given a bean of type ReactiveOAuth2UserService, it should be injected to all components needed one, especially OidcReactiveOAuth2UserService, as it is done for OAuth2LoginReactiveAuthenticationManager
The text was updated successfully, but these errors were encountered:
Describe the bug
The way to configure a
ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User>
inOAuth2LoginSpec
is inconsistent.More specifically:
OAuth2LoginReactiveAuthenticationManager
constructor is called overgetOauth2UserService()
which search for a bean of typeReactiveOAuth2UserService
, else fallback onDefaultReactiveOAuth2UserService
OidcReactiveOAuth2UserService
is instanciated by its default constructor, without relying ongetOauth2UserService()
This leads to inconsistent
ReactiveOAuth2UserService
through the components created byOAuth2LoginSpec
.To Reproduce
Expected behavior
Given a bean of type
ReactiveOAuth2UserService
, it should be injected to all components needed one, especiallyOidcReactiveOAuth2UserService
, as it is done forOAuth2LoginReactiveAuthenticationManager
The text was updated successfully, but these errors were encountered: