To make your web-app into an OAuth2 client you can simply add @EnableOAuth2Client and
Spring Boot will create an OAuth2ClientContext and OAuth2ProtectedResourceDetails that
are necessary to create an OAuth2RestOperations. Spring Boot does not automatically
create such bean but you can easily create your own:
@Bean public OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext oauth2ClientContext, OAuth2ProtectedResourceDetails details) { return new OAuth2RestTemplate(details, oauth2ClientContext); }
![[Note]](images/note.png) | Note |
|---|---|
|
You may want to add a qualifier and review your configuration as more than one
|
This configuration uses security.oauth2.client.* as credentials (the same as you might
be using in the Authorization Server), but in addition it will need to know the
authorization and token URIs in the Authorization Server. For example:
application.yml.
security: oauth2: client: clientId: bd1c0a783ccdd1c9b9e4 clientSecret: 1a9030fbca47a5b2c28e92f19050bb77824b5ad1 accessTokenUri: https://github.com/login/oauth/access_token userAuthorizationUri: https://github.com/login/oauth/authorize clientAuthenticationScheme: form
An application with this configuration will redirect to Github for authorization when you
attempt to use the OAuth2RestTemplate. If you are already signed into Github you won’t
even notice that it has authenticated. These specific credentials will only work if your
application is running on port 8080 (register your own client app in Github or other
provider for more flexibility).
To limit the scope that the client asks for when it obtains an access token you can set
security.oauth2.client.scope (comma separated or an array in YAML). By default the scope
is empty and it is up to Authorization Server to decide what the defaults should be,
usually depending on the settings in the client registration that it holds.
| Note |
|---|---|
|
There is also a setting for |
![[Tip]](images/tip.png) | Tip |
|---|---|
|
In a non-web application you can still create an |