Describe the bug
As pointed out by @rgambelli in this question, applications always are detected as being resource servers by spring-addons-starter-oidc.
This is because spring-security-oauth2-resource-server always is on the classpath when spring-addons-starter-oidc is.
Expected behaviorspring-security-oauth2-resource-server (as well as spring-security-oauth2-client and spring-webflux) should be on the classpath only if the app using spring-addons-starter-oidc asks for it
ch4mpy
commented
5 months ago
Describe the bug As pointed out by @rgambelli in this question, applications always are detected as being resource servers by
spring-addons-starter-oidc.This is because
spring-security-oauth2-resource-serveralways is on the classpath whenspring-addons-starter-oidcis.Expected behavior
spring-security-oauth2-resource-server(as well asspring-security-oauth2-clientandspring-webflux) should be on the classpath only if the app usingspring-addons-starter-oidcasks for it