spring boot 2.0.3 oauth2 google and facebook authentication

[dani-t]

Summary

spring boot 2.0.3 oauth2 google and facebook authentication

Actual Behavior

Expected Behavior

After checking a few resources and the spring security oauth2 docs https://docs.spring.io/spring-security/site/docs/current/reference/html5/#jc-oauth2login I am expecting that all this code will configure the application as an @EnableWebFlux with @EnableWebFluxSecurity and will configure the default ClientRepository with the clients provided in properties file.

They say when you access your app you will get a list with the clients you added. Instead I receive a basic authentication mechanism. Any idea what is happening or am I doing something wrong?

Configuration

compile group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: '2.0.3.RELEASE'
compile group: 'org.springframework.boot', name: 'spring-boot-starter-webflux', version: '2.0.3.RELEASE'
runtime('org.springframework.boot:spring-boot-devtools')
compile group: 'org.springframework.security', name: 'spring-security-config', version: '5.0.6.RELEASE'
compile group: 'org.springframework.security', name: 'spring-security-oauth2-client', version: '5.0.6.RELEASE'
compile group: 'org.springframework.security', name: 'spring-security-oauth2-jose', version: '5.0.6.RELEASE'

@SpringBootApplication
public class App{

    public static void main(String[] args) {
        SpringApplication.run(App.class, args);
    }
}

spring.security.oauth2.client.registration.google.client-id=x
spring.security.oauth2.client.registration.google.client-secret=y
spring.security.oauth2.client.registration.facebook.client-id=x
spring.security.oauth2.client.registration.facebook.client-secret=y

Version

2.0.3

Sample

[jgrandja]

@dani-t WebFlux support for oauth2Login() was added recently. Have you seen this sample?

Also, the Boot auto-configuration support has yet to be added to Boot. It currently resides in the sample.

[dani-t]

@jgrandja I have already taken a look at the sample but I cannot figure out where the problem is.
Wham am I missing?
What I understand from your comment is that the boot auto-configuration is not supported yet.

[jgrandja]

@dani-t Correct, the Boot auto-configuration support for WebFlux oauth2Login() has not been added to Spring Boot 2.1 milestone. The sample includes the Boot auto-configuration classes as a temporary placeholder until it's added to Boot. So in order to get your sample working you need to copy the following files into your project as well:

https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2login-webflux/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client
** Copy all files in same package/directory structure

https://github.com/spring-projects/spring-security/blob/master/samples/boot/oauth2login-webflux/src/main/resources/META-INF/spring.factories
** Copy in the same directory structure

Try this out, it should work.

[jgrandja]

I just found out that Boot has added the auto-configuration support to 2.1.M1. See this issue.

So instead of copying the files as suggested in my previous comment, use Boot 2.1.M1 instead.

[hartmut-co-uk]

Hi, I'm just experimenting with 2.1.0.BUILD-SNAPSHOT.
With the new auto-configuration (amazing by the way) - if I'd like to have different routes from e.g.
/oauth2/authorization/github
/login/oauth2/code/github
Where / how would I be able to overwrite that configuration?

[hartmut-co-uk]

have struggled a bit to get it working with the current SNAPSHOT version.
Had to add following both dependencies:

compile "org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:2.0.1.RELEASE"
compile "org.springframework.security:spring-security-oauth2-client"

By the way the OAuth2LoginSpec is missing and() for chaining...
public ServerHttpSecurity and() { return ServerHttpSecurity.this; }

[hartmut-co-uk]

+ with the 2nd dependency in place I now have found OAuth2LoginAuthenticationFilter & OAuth2AuthorizationRequestRedirectFilter allowing to override URIs the usual way...

I think org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
needs to allow to set/override oauthRedirectFilter
and requiresAuthenticationMatcher to allow to customise the path(s) for the AuthenticationWebFilter

authenticationFilter.setRequiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}"));

As I hijacked another issues - should I raise this separately here as a github issue or directly on JIRA?

[hartmut-co-uk]

done, #5598

[jgrandja]

@dani-t Have you tried this with Boot 2.1.M1? The M1 release includes the auto-configuration support for WebFlux oauth2Login().

I'd appreciate if you could close this issue after you have confirmed that it works (as it should) with Boot 2.1.M1

[jgrandja]

@dani-t I'm going to close this issue due to lack of feedback. If you are still having an issue than we can re-open.