Package org.springframework.security.oauth2.client.registration

Class ClientRegistrations

java.lang.Object

org.springframework.security.oauth2.client.registration.ClientRegistrations

public final class ClientRegistrations
extends Object

Allows creating a ClientRegistration.Builder from an OpenID Provider Configuration or Authorization Server Metadata based on provided issuer.

Since:

5.1

Method Summary

Modifier and Type	Method	Description
static ClientRegistration.Builder	fromIssuerLocation(String issuer)	Creates a ClientRegistration.Builder using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize.
static ClientRegistration.Builder	fromOidcIssuerLocation(String issuer)	Creates a ClientRegistration.Builder using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize the ClientRegistration.Builder.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

fromOidcIssuerLocation

public static ClientRegistration.Builder fromOidcIssuerLocation(String issuer)

Creates a ClientRegistration.Builder using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize the ClientRegistration.Builder.

For example, if the issuer provided is "https://example.com", then an "OpenID Provider Configuration Request" will be made to "https://example.com/.well-known/openid-configuration". The result is expected to be an "OpenID Provider Configuration Response".

Example usage:

 ClientRegistration registration = ClientRegistrations.fromOidcIssuerLocation("https://example.com")
     .clientId("client-id")
     .clientSecret("client-secret")
     .build();
 

Parameters:

issuer - the Issuer

Returns:

a ClientRegistration.Builder that was initialized by the OpenID Provider Configuration.

fromIssuerLocation

public static ClientRegistration.Builder fromIssuerLocation(String issuer)

Creates a ClientRegistration.Builder using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize. If an endpoint returns anything other than a 200 or a 4xx, the method will exit without attempting subsequent endpoints. The three endpoints are computed as follows, given that the issuer is composed of a host and a path:

1. host/.well-known/openid-configuration/path, as defined in RFC 8414's Compatibility Notes.
2. issuer/.well-known/openid-configuration, as defined in OpenID Provider Configuration.
3. host/.well-known/oauth-authorization-server/path, as defined in Authorization Server Metadata Request.

Note that the second endpoint is the equivalent of calling fromOidcIssuerLocation(String).

Example usage:

 ClientRegistration registration = ClientRegistrations.fromIssuerLocation("https://example.com")
     .clientId("client-id")
     .clientSecret("client-secret")
     .build();
 

Parameters:

issuer -

Returns:

a ClientRegistration.Builder that was initialized by one of the described endpoints