Ease spring OAuth2 resource-servers configuration and testing
spring-addons-starter-oidc
)spring-addons-starter-oidc
a Spring Boot starter pushing OAuth2 clients & resource server security auto-configuration to the next levelspring-addons-oauth2-test
annotations for populating test security-context with OAuth2 authentication instancesspring-addons-starter-oidc-test
ease unit-tests in applications using spring-addons-starter-oidc
spring-addons-starter-rest
experimental auto-configuration for RestClient
, WebClient
and @HttpExchange
proxies (base-URL, Basic & OAuth2 Bearer auth)Just added a Sponsor this project link to the repo ;-)
The OAuth2 BFF tutorial is now on Baeldung. It was deeply refreshed in the process and now contains samples for Angular, React (Next.js) and Vue (Vite).
In 7.6.0
, the experimental support for RestClient
and WebClient
builders as well as @HttpExchange
(the successor of @FeignClient
) is moved to a dedicated starter: spring-addons-starter-rest
. As a reminder, it helps to get pre-configured client builders and @HttpExchange
proxies with this clients
7.5.0
comes with an important refactoring of the way JWT decoder(s) configuration is resolved. This greatly eases "dynamic" multi-tenant scenarios implementation. The only noticeable breaking change is the removal of SpringAddonsOidcProperties::getOpProperties
. This feature is now the responsibility of the newly introduced OpenidProviderPropertiesResolver
. The default implementation resolves properties with an exact match on issuer (just as getOpProperties
was doing). As usual, auto-configured bean backs-off if you expose one to use another properties resolving strategy.
Important warning for those using @WithJwt
(and since 7.3.0
, @WithMockJwtAuth
) but not spring-addons-starter-oidc
: you should expose your JWT converter as a bean. See spring-addons-oauth2-test
README for details.
With spring-addons-starter-oidc
, you might need 0 Java conf, even in scenarios like:
audience
required by Auth0)Testing access control requires to configure the test security context. For that, spring-security-test
provides with MockMvc
request post-processors and WebTestClient
mutators, but this can work only in the context of a request, which limits its usage to controllers.
To test any type of @Component
(@Controller
, off course, but also @Service
and @Repository
) there are only two options:
Useful resources:
spring-addons-starter-oidc