I'm posting here because I can't get a working example of an OAuth2 client implementation in Spring Boot 3.5.7.
This is my first time ever implementing this type of authentication and I can't manage to make it work.
I'm trying to figure out what to do by looking at the documentation here.
I've been provided with 2 APIs:
- https://myapi/.../openid-connect/token (this is the only URI I have, I don't have an issuer-uri)
  - request:
    - grant_type -> client_credentials
    - client_secret -> mysecret
    - scope -> openid
    - client_id -> mycompanyname
  - response:
    - access_token
- https://anotherapi/mylist
  - request:
    - Bearer Token access_token
Here are the steps I followed:
Create a Spring Boot app with oauth2client and starter web.
YAML file as follows:

```yaml
security:
  oauth2:
    client:
      registration:
        my-client:
          provider: my-provider
          client-id: mycompanyname
          client-secret: mysecret
          authorization-grant-type: client_credentials
          scope: openid
      provider:
        day-provider:
          token-uri: https://myapi/.../openid-connect/token
```

Then I follow this part, so I set up the following beans:

```java
@Bean
public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {
    return new RestClientClientCredentialsTokenResponseClient();
}
```

I don't think I need to customize my request/response so I skip to where I create the following bean:

```java
@Bean
public OAuth2AuthorizedClientManager authorizedClientManager(
        ClientRegistrationRepository clientRegistrationRepository,
        OAuth2AuthorizedClientRepository authorizedClientRepository) {

    OAuth2AuthorizedClientProvider authorizedClientProvider =
            OAuth2AuthorizedClientProviderBuilder.builder()
                    .clientCredentials()
                    .build();

    DefaultOAuth2AuthorizedClientManager authorizedClientManager =
            new DefaultOAuth2AuthorizedClientManager(
                    clientRegistrationRepository, authorizedClientRepository);
    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

    return authorizedClientManager;
}
```

Then, when I create the

```java
@Controller
public class OAuth2ClientController {

    @Autowired
    private OAuth2AuthorizedClientManager authorizedClientManager;

    @GetMapping("/")
    public String index(Authentication authentication,
                        HttpServletRequest servletRequest,
                        HttpServletResponse servletResponse) {

        OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId("okta")
                .principal(authentication)
                .attributes(attrs -> {
                    attrs.put(HttpServletRequest.class.getName(), servletRequest);
                    attrs.put(HttpServletResponse.class.getName(), servletResponse);
                })
                .build();
        OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(authorizeRequest);

        OAuth2AccessToken accessToken = authorizedClient.getAccessToken();

        // ...

        return "index";
    }
}
```

and I try to access the "/" endpoint, I get an exception:
IllegalArgumentException: principal cannot be null.
If I try to access /oauth2/authorization/my-client I get this exception instead:
Invalid Authorization Grant Type (client_credentials) for Client Registration with Id: my-client
And of course, if I try to access the second API, I'll get an exception again.
I don't use reactive programming so I'm not using Spring WebClient:

```java
@RestController
public class TestController {

    private final RestClient restClient;

    public TestController(RestClient restClient) {
        this.restClient = restClient;
    }

    @GetMapping("/sites")
    public SiteListResponse listaLocali(@RequestParam String vat) {
        return this.restClient.get()
                .uri("https://anotherapi/mylist?vat_number=" + vat)
                .attributes(clientRegistrationId("my-client"))
                .retrieve()
                .body(SiteListResponse.class);
    }
}
```

I'm not the quickest learner, I'm more of a visual learner, and find it hard to understand the documentation at first, so please don't be mean, thanks.
I tried to follow some videos like this one but it doesn't seem to solve my problem.
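
An added example, not part of the original post: one way to wire the client_credentials flow described above so that the token is obtained without a servlet request or a logged-in user. It assumes Spring Security 6.4 or later (the line shipped with Spring Boot 3.5), the `OAuth2AuthorizedClientService` bean that Spring Boot auto-configures, a registration id `my-client` under `spring.security.oauth2.client` whose `provider` value matches a provider entry, and a hypothetical class name `OutboundOAuth2Config`.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor;
import org.springframework.web.client.RestClient;

// Hypothetical configuration class (name chosen for this example).
@Configuration
public class OutboundOAuth2Config {

    // Service-level manager: designed for use outside an HttpServletRequest,
    // so a machine-to-machine client needs no authenticated end user.
    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository clientRegistrationRepository,
            OAuth2AuthorizedClientService authorizedClientService) {

        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(
                        clientRegistrationRepository, authorizedClientService);

        // Enable only the grant this client is registered for.
        manager.setAuthorizedClientProvider(
                OAuth2AuthorizedClientProviderBuilder.builder()
                        .clientCredentials()
                        .build());
        return manager;
    }

    // RestClient whose interceptor requests the access token from the token-uri
    // and adds "Authorization: Bearer <access_token>" to each outgoing call that
    // carries a clientRegistrationId attribute.
    @Bean
    public RestClient restClient(RestClient.Builder builder,
                                 OAuth2AuthorizedClientManager authorizedClientManager) {
        OAuth2ClientHttpRequestInterceptor interceptor =
                new OAuth2ClientHttpRequestInterceptor(authorizedClientManager);
        return builder.requestInterceptor(interceptor).build();
    }
}
```

With this in place, a `RestClient` call that sets `clientRegistrationId("my-client")` (a static method of `RequestAttributeClientRegistrationIdResolver`) obtains and reuses the token on its own, and nothing needs to visit `/oauth2/authorization/my-client`, which serves only redirect-based grants. If the token endpoint accepts the credentials only as form parameters, as in the request listed in the post, the registration also needs `client-authentication-method: client_secret_post`.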