Class ClientRegistrations

java.lang.Object
org.springframework.security.oauth2.client.registration.ClientRegistrations

public final class ClientRegistrations extends Object
Allows creating a ClientRegistration.Builder from an OpenID Provider Configuration or Authorization Server Metadata, based on the provided issuer.
Since:
5.1
  • Method Details

    • fromOidcConfiguration

      public static ClientRegistration.Builder fromOidcConfiguration(Map<String,Object> configuration)
      Creates a ClientRegistration.Builder using the provided map representation of an OpenID Provider Configuration Response to initialize the ClientRegistration.Builder.

      This is useful when the OpenID Provider Configuration is not available at a well-known location, or if custom validation is needed for the issuer location (e.g. if the issuer is only accessible from a back-channel URI that is different from the issuer value in the configuration).

      Example usage:

       // Assumed context: rest is a RestOperations (e.g. a RestTemplate) and
       // metadataEndpoint is the URI that serves the provider configuration.
       RequestEntity<Void> request = RequestEntity.get(metadataEndpoint).build();
       ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<>() {};
       Map<String, Object> configuration = rest.exchange(request, typeReference).getBody();
       // Validate configuration.get("issuer") as per the OIDC specification
       ClientRegistration registration = ClientRegistrations.fromOidcConfiguration(configuration)
           .clientId("client-id")
           .clientSecret("client-secret")
           .build();
       
      Parameters:
      configuration - the OpenID Provider configuration map
      Returns:
      a ClientRegistration.Builder that was initialized from the provided configuration map
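
One way to perform the issuer validation that the comment in the example above leaves to the caller, shown as an added example (not Spring Security's own code). The class `BackChannelOidcDiscovery`, its methods and the `expectedIssuer` parameter are hypothetical; the check applies the OpenID Connect Discovery rule that the issuer is an https URL without query or fragment and must match the issuer the client expects exactly.

```java
import java.net.URI;
import java.util.Map;

import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.RequestEntity;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrations;
import org.springframework.web.client.RestOperations;

// Added example: class, method and parameter names are hypothetical.
public final class BackChannelOidcDiscovery {

    private static final ParameterizedTypeReference<Map<String, Object>> MAP_TYPE =
            new ParameterizedTypeReference<>() {};

    // expectedIssuer: the issuer this client is configured to trust.
    // metadataEndpoint: back-channel URI that serves the provider configuration.
    public static ClientRegistration.Builder discover(RestOperations rest,
            String expectedIssuer, URI metadataEndpoint) {
        RequestEntity<Void> request = RequestEntity.get(metadataEndpoint).build();
        Map<String, Object> configuration = rest.exchange(request, MAP_TYPE).getBody();
        if (configuration == null) {
            throw new IllegalStateException("Empty configuration from " + metadataEndpoint);
        }
        validateIssuer(configuration, expectedIssuer);
        return ClientRegistrations.fromOidcConfiguration(configuration);
    }

    // Pure check, separate from the HTTP call so it can be unit tested offline.
    static void validateIssuer(Map<String, Object> configuration, String expectedIssuer) {
        Object issuer = configuration.get("issuer");
        // Exact string match: no case folding and no trailing-slash normalization.
        if (!expectedIssuer.equals(issuer)) {
            throw new IllegalStateException("Issuer mismatch: expected \"" + expectedIssuer
                    + "\" but the metadata declares \"" + issuer + "\"");
        }
        // OIDC Discovery: the issuer is an https URL with no query or fragment.
        URI uri = URI.create(expectedIssuer);
        if (!"https".equalsIgnoreCase(uri.getScheme())
                || uri.getRawQuery() != null || uri.getRawFragment() != null) {
            throw new IllegalStateException("Issuer is not a valid https issuer URL: " + issuer);
        }
    }
}
```

Because the back-channel URI differs from the issuer, the comparison is made against the configured `expectedIssuer` rather than against the URI the document was fetched from.
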
    • fromOidcIssuerLocation

      public static ClientRegistration.Builder fromOidcIssuerLocation(String issuer)
      Creates a ClientRegistration.Builder using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize the ClientRegistration.Builder.

      For example, if the issuer provided is "https://example.com", then an "OpenID Provider Configuration Request" will be made to "https://example.com/.well-known/openid-configuration". The result is expected to be an "OpenID Provider Configuration Response".

      Example usage:

       ClientRegistration registration = ClientRegistrations.fromOidcIssuerLocation("https://example.com")
           .clientId("client-id")
           .clientSecret("client-secret")
           .build();
       
      Parameters:
      issuer - the Issuer
      Returns:
      a ClientRegistration.Builder that was initialized by the OpenID Provider Configuration.
    • fromIssuerLocation

      public static ClientRegistration.Builder fromIssuerLocation(String issuer)
      Creates a ClientRegistration.Builder using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize. If an endpoint returns anything other than a 200 or a 4xx, the method will exit without attempting subsequent endpoints. The three endpoints are computed as follows, given that the issuer is composed of a host and a path:
      1. host/.well-known/openid-configuration/path, as defined in RFC 8414's Compatibility Notes.
      2. issuer/.well-known/openid-configuration, as defined in OpenID Provider Configuration.
      3. host/.well-known/oauth-authorization-server/path, as defined in Authorization Server Metadata Request.
      Note that the second endpoint is the equivalent of calling fromOidcIssuerLocation(String).

      Example usage:

       ClientRegistration registration = ClientRegistrations.fromIssuerLocation("https://example.com")
           .clientId("client-id")
           .clientSecret("client-secret")
           .build();
       
      Parameters:
      issuer -
      Returns:
      a ClientRegistration.Builder that was initialized by one of the described endpoints