spring-security/docs/modules/ROOT/pages/reactive/oauth2/access-token.adoc

[[webflux-oauth2-client]]
= OAuth2 Client

Spring Security's OAuth Support allows obtaining an access token without authenticating.
A basic configuration with Spring Boot can be seen below:

[source,yml]
----
spring:
  security:
    oauth2:
      client:
        registration:
          github:
            client-id: replace-with-client-id
            client-secret: replace-with-client-secret
            scope: read:user,public_repo
----

You will need to replace the `client-id` and `client-secret` with values registered with GitHub.

The next step is to instruct Spring Security that you wish to act as an OAuth2 Client so that you can obtain an access token.

.OAuth2 Client
====
.Java
[source,java,role="primary"]
----
@Bean
SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {
	http
		// ...
		.oauth2Client(withDefaults());
	return http.build();
}
----


.Kotlin
[source,kotlin,role="secondary"]
----
@Bean
fun webFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
    return http {
        // ...
        oauth2Client { }
    }
}
----
====

You can now leverage Spring Security's <<webclient>> or <<webflux-roac,@RegisteredOAuth2AuthorizedClient>> support to obtain and use the access token.
Add WebFlux @RegisteredOAuth2AuthorizedClient Reference Fixes: gh-5864 2018-09-18 23:24:09 +08:00			`[[webflux-oauth2-client]]`
			`= OAuth2 Client`
Add WebFlux OAuth2 Client Reference Fixes: gh- 5865 2018-09-18 22:55:49 +08:00
			`Spring Security's OAuth Support allows obtaining an access token without authenticating.`
			`A basic configuration with Spring Boot can be seen below:`

			`[source,yml]`
			`----`
			`spring:`
			`security:`
			`oauth2:`
			`client:`
			`registration:`
			`github:`
			`client-id: replace-with-client-id`
			`client-secret: replace-with-client-secret`
Client OAuth2 properties to use scope not scopes OAuth2ClientProperties.Registration (which captures .properties and .yml for OAuth2 Client) has a member `scope` but not `scopes`. Samples and documentation were using `scopes` and have now been updated to use `scope`. Fixes gh-6510 2019-02-08 21:41:03 +08:00			`scope: read:user,public_repo`
Add WebFlux OAuth2 Client Reference Fixes: gh- 5865 2018-09-18 22:55:49 +08:00			`----`

			You will need to replace the `client-id` and `client-secret` with values registered with GitHub.

			`The next step is to instruct Spring Security that you wish to act as an OAuth2 Client so that you can obtain an access token.`

Kotlin OAuth2 client WebFlux samples Issue gh-8172 2020-07-27 15:34:37 +08:00			`.OAuth2 Client`
			`====`
			`.Java`
			`[source,java,role="primary"]`
Add WebFlux OAuth2 Client Reference Fixes: gh- 5865 2018-09-18 22:55:49 +08:00			`----`
			`@Bean`
			`SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {`
			`http`
			`// ...`
Support nested builder in DSL for reactive apps Fixes: gh-7107 2019-07-22 21:31:10 +08:00			`.oauth2Client(withDefaults());`
Add WebFlux OAuth2 Client Reference Fixes: gh- 5865 2018-09-18 22:55:49 +08:00			`return http.build();`
			`}`
			`----`

Kotlin OAuth2 client WebFlux samples Issue gh-8172 2020-07-27 15:34:37 +08:00
			`.Kotlin`
			`[source,kotlin,role="secondary"]`
			`----`
			`@Bean`
			`fun webFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {`
			`return http {`
			`// ...`
			`oauth2Client { }`
			`}`
			`}`
			`----`
			`====`

Add WebFlux @RegisteredOAuth2AuthorizedClient Reference Fixes: gh-5864 2018-09-18 23:24:09 +08:00			`You can now leverage Spring Security's <<webclient>> or <<webflux-roac,@RegisteredOAuth2AuthorizedClient>> support to obtain and use the access token.`