jamesdube/Spring WebFlux Security- Client config - OAuth2.0 Client Credentials Flow.md

## application.yaml
##################################################################################
##################################################################################
######### IF YOU FOUND THIS GIST USEFUL, PLEASE LEAVE A STAR. THANKS. ############
##################################################################################
##################################################################################


spring:
  security:
    oauth2:
      client:
        provider:
          <provider-name>:
            issuer-uri: <issuer-uri implementing OIDC>
        registration:
          <provider-name>:
            client-id: <client-id>
            client-secret: <client-secret>
            scope: <comma separated scopes>
            authorization-grant-type: client_credentials

OR

spring:
  security:
    oauth2:
      client:
        provider:
          <provider-name>:
            token-uri: <token-uri of provider implementing OIDC>
        registration:
          <provider-name>:
            client-id: <client-id>
            client-secret: <client-secret>
            scope: <comma separated scopes>
            authorization-grant-type: client_credentials

## build.gradle
plugins {
	id 'org.springframework.boot' version '2.3.1.RELEASE'
	id 'io.spring.dependency-management' version '1.0.9.RELEASE'
	id 'java'
}
//Relevant dependencies
dependencies {
	implementation 'org.springframework.boot:spring-boot-starter-webflux'
	implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
}

## sample request
webClient.get()
        .uri(<protected resource uri which you want to access>)
        .attributes(clientRegistrationId(<The Provider name specified under registration in app yaml>))
        .retrieve()
        .bodyToMono(String.class)
        .map(string
            -> "Retrieved using Client Credentials Grant Type: " + string)
        .subscribe(LOGGER::info);

## Spring WebFlux Security- Client config - OAuth2.0 Client Credentials Flow.md

      
    Raw
  

              Spring WebFlux Security- Client config - OAuth2.0 Client Credentials Flow.md
            
          
    This gist describes the configuration required for Spring reactive WebClient to make a call to an OAuth2 protected resource through OAuth2.0 Client Credentials Grant Type Flow.
Assumption is that the Authorization Server supports OpenId Connect 1.0 specifications.

  
## websecurityconfiguration.java
@EnableWebFluxSecurity
public class WebSecurityConfiguration {
  @Bean
  public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
      ReactiveClientRegistrationRepository clientRegistrationRepository,
      ReactiveOAuth2AuthorizedClientService authorizedClientService) {

    ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
        ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
            .clientCredentials()
            .build();

    AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager =
        new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
            clientRegistrationRepository, authorizedClientService);
    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

    return authorizedClientManager;
  }
  @Bean
  public WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
    ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
    return WebClient.builder().filter(oauth).build();
  }

  @Bean
  public SecurityWebFilterChain configure(ServerHttpSecurity http) {
	return http
		.oauth2Client()
		.and()
		.build();
  }
}
	##################################################################################
	##################################################################################
	######### IF YOU FOUND THIS GIST USEFUL, PLEASE LEAVE A STAR. THANKS. ############
	##################################################################################
	##################################################################################


	spring:
	security:
	oauth2:
	client:
	provider:
	<provider-name>:
	issuer-uri: <issuer-uri implementing OIDC>
	registration:
	<provider-name>:
	client-id: <client-id>
	client-secret: <client-secret>
	scope: <comma separated scopes>
	authorization-grant-type: client_credentials

	OR

	spring:
	security:
	oauth2:
	client:
	provider:
	<provider-name>:
	token-uri: <token-uri of provider implementing OIDC>
	registration:
	<provider-name>:
	client-id: <client-id>
	client-secret: <client-secret>
	scope: <comma separated scopes>
	authorization-grant-type: client_credentials
	plugins {
	id 'org.springframework.boot' version '2.3.1.RELEASE'
	id 'io.spring.dependency-management' version '1.0.9.RELEASE'
	id 'java'
	}
	//Relevant dependencies
	dependencies {
	implementation 'org.springframework.boot:spring-boot-starter-webflux'
	implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
	}
	webClient.get()
	.uri(<protected resource uri which you want to access>)
	.attributes(clientRegistrationId(<The Provider name specified under registration in app yaml>))
	.retrieve()
	.bodyToMono(String.class)
	.map(string
	-> "Retrieved using Client Credentials Grant Type: " + string)
	.subscribe(LOGGER::info);
	@EnableWebFluxSecurity
	public class WebSecurityConfiguration {
	@Bean
	public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
	ReactiveClientRegistrationRepository clientRegistrationRepository,
	ReactiveOAuth2AuthorizedClientService authorizedClientService) {

	ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
	ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
	.clientCredentials()
	.build();

	AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager =
	new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
	clientRegistrationRepository, authorizedClientService);
	authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

	return authorizedClientManager;
	}
	@Bean
	public WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
	ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
	return WebClient.builder().filter(oauth).build();
	}

	@Bean
	public SecurityWebFilterChain configure(ServerHttpSecurity http) {
	return http
	.oauth2Client()
	.and()
	.build();
	}
	}