CredHub reactive OAuth2 autoconfiguration overrides Spring Boot defaults
CredHub configuration works for Client Credentials grant, but fails for Authorization Code flow, so using OAuth2 login when CredHub is on the classpath requires overriding the bean manually. Not sure if that is an issue that needs to be fixed or just a matter of documenting the defaults.
When CredHub is on the classpath, CredHubOAuth2AutoConfiguration is triggered and it registers a bean of type ServerOAuth2AuthorizedClientRepository with value UnAuthenticatedServerOAuth2AuthorizedClientRepository.
Spring Boot uses an AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository bean for that type.
Steps to reproduce:
- Clone the demo app: https://github.com/alek-sys/credhub-oauth-config
- Register GitHub app at https://github.com/settings/developers
- Configure client id and secret for the app
- Start the application and go to http://localhost:8080 (sorry there is no automatic test, it is hard to automate since OAuth2 login flow requires user input)
- Application fails with:
There was an unexpected error (type=Internal Server Error, status=500).
serverWebExchange must be null
Creating a user bean of type ServerOAuth2AuthorizedClientRepository manually (see CredHubOauthConfigApplication.java) in the configuration fixes the problem (as it overrides autoconfiguration).
The OAuth2 auto-configuration in Spring CredHub is intended to provide sensible default implementations of required beans when no other implementations are provided, similar to what Spring Boot's auto-configuration does. The Spring CredHub auto-configuration is configured to run before Spring Boot's auto-configuration, for reasons I can't remember off the top of my head. We'll have to review this ordering again and see what refinements can be made.
Fixed via aa2ae34
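The workaround described in the issue, sketched as an added example; this is not the demo app's CredHubOauthConfigApplication.java and not Spring CredHub's own code. The class name is hypothetical, and the sketch assumes a ReactiveOAuth2AuthorizedClientService bean is available in the context (Spring Boot's reactive OAuth2 client auto-configuration registers an in-memory one when client registrations are configured).

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;

// Hypothetical configuration class for an application that uses OAuth2 login
// (Authorization Code flow) while Spring CredHub is on the classpath.
@Configuration
public class OAuth2LoginRepositoryConfig {

    // A user-defined bean of this type takes the place of the
    // UnAuthenticatedServerOAuth2AuthorizedClientRepository registered by
    // CredHubOAuth2AutoConfiguration, as the issue reports. That variant is
    // meant for calls made outside a web request and rejects a non-null
    // exchange, which is the "serverWebExchange must be null" error above.
    @Bean
    public ServerOAuth2AuthorizedClientRepository authorizedClientRepository(
            ReactiveOAuth2AuthorizedClientService authorizedClientService) {
        // Same repository type Spring Boot uses by default: authorized clients
        // of an authenticated user are stored in the injected service under
        // that user's principal name, so the token obtained during login is
        // tied to the user who logged in.
        return new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(
                authorizedClientService);
    }
}
```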