search

spring-attic / spring-security-oauth

Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.
http://github.com/spring-projects/spring-security-oauth
Apache License 2.0
4.69k stars 4.05k forks source link

Configuring security.oauth2.client but NOT security.oauth2.resource #1207

Open alvgarvilla opened 6 years ago

alvgarvilla commented 6 years ago

I have my resource server where I want to configure the security.oauth2.client properties:

security:
  oauth2:
    client:
      clientId: my-service-id
      clientSecret: my-service-id-secret
      accessTokenUri: http://auth-server/uaa/oauth/token
      grant-type: client_credentials
      scope: server

But I do not want to use security.oauth2.resource properties, neither tokenInfoUri/userInfoUri nor key-value. I want to use _JwtAccessTokenConverter.setSigningKey("mykey").

The problem is, if I define security.oauth2.client, OAuth2AutoConfiguration will create the a bean of ResourceServerProperties, which will validate whether I have any of the security.oauth2.resource properties set or not.

As a workaround, I am setting a dummy value for security.oauth2.resource.user-info-uri just to pass the validation, but I am pretty sure there is a better way. Thanks in advance!

stieler-it commented 6 years ago

Did you find a better solution?