Add auto-config for spring-security-oauth2-client

Closes gh-10497

Author: mbhave

spring-boot-autoconfigure/pom.xml

@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>org.springframework.boot</groupId>
@@ -532,6 +533,16 @@
 			<artifactId>spring-security-webflux</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-jwt-jose</artifactId>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-client</artifactId>
+			<optional>true</optional>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.session</groupId>
 			<artifactId>spring-session-core</artifactId>

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/AuthorizationGrantType.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.security.oauth2.client;
+
+/**
+ * OAuth 2.0 authorization grant types supported by Spring Boot.
+ *
+ * @author Madhura Bhave
+ * @author Phillip Webb
+ * @since 2.0.0
+ */
+public enum AuthorizationGrantType {
+
+	/**
+	 * An {@code "authorization_code"} grant type.
+	 */
+	AUTHORIZATION_CODE(
+			org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
+
+	private final org.springframework.security.oauth2.core.AuthorizationGrantType type;
+
+	AuthorizationGrantType(
+			org.springframework.security.oauth2.core.AuthorizationGrantType type) {
+		this.type = type;
+	}
+
+	org.springframework.security.oauth2.core.AuthorizationGrantType getType() {
+		return this.type;
+	}
+
+}

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientAuthenticationMethod.java

@@ -0,0 +1,50 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.security.oauth2.client;
+
+/**
+ * OAuth 2.0 client authentication methods supported by Spring Boot.
+ *
+ * @author Madhura Bhave
+ * @author Phillip Webb
+ * @since 2.0.0
+ * @see org.springframework.security.oauth2.core.ClientAuthenticationMethod
+ */
+public enum ClientAuthenticationMethod {
+
+	/**
+	 * HTTP BASIC client authentication.
+	 */
+	BASIC(org.springframework.security.oauth2.core.ClientAuthenticationMethod.BASIC),
+
+	/**
+	 * HTTP POST client authentication.
+	 */
+	POST(org.springframework.security.oauth2.core.ClientAuthenticationMethod.POST);
+
+	private final org.springframework.security.oauth2.core.ClientAuthenticationMethod method;
+
+	ClientAuthenticationMethod(
+			org.springframework.security.oauth2.core.ClientAuthenticationMethod method) {
+		this.method = method;
+	}
+
+	org.springframework.security.oauth2.core.ClientAuthenticationMethod getMethod() {
+		return this.method;
+	}
+
+}

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/CommonOAuth2Provider.java

@@ -0,0 +1,118 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.security.oauth2.client;
+
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistration.Builder;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+
+/**
+ * Common OAuth2 Providers that can be used to create
+ * {@link org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
+ * builders} pre-configured with sensible defaults.
+ *
+ * @author Phillip Webb
+ * @since 2.0.0
+ */
+public enum CommonOAuth2Provider {
+
+	GOOGLE {
+
+		@Override
+		public Builder getBuilder(String registrationId) {
+			ClientRegistration.Builder builder = getBuilder(registrationId,
+					ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
+			builder.scope("openid", "profile", "email", "address", "phone");
+			builder.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth");
+			builder.tokenUri("https://www.googleapis.com/oauth2/v4/token");
+			builder.jwkSetUri("https://www.googleapis.com/oauth2/v3/certs");
+			builder.userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo");
+			builder.clientName("Google");
+			return builder;
+		}
+
+	},
+
+	GITHUB {
+
+		@Override
+		public Builder getBuilder(String registrationId) {
+			ClientRegistration.Builder builder = getBuilder(registrationId,
+					ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
+			builder.scope("user");
+			builder.authorizationUri("https://github.com/login/oauth/authorize");
+			builder.tokenUri("https://github.com/login/oauth/access_token");
+			builder.userInfoUri("https://api.github.com/user");
+			builder.userNameAttributeName("name");
+			builder.clientName("GitHub");
+			return builder;
+		}
+
+	},
+
+	FACEBOOK {
+
+		@Override
+		public Builder getBuilder(String registrationId) {
+			ClientRegistration.Builder builder = getBuilder(registrationId,
+					ClientAuthenticationMethod.POST, DEFAULT_REDIRECT_URL);
+			builder.scope("public_profile", "email");
+			builder.authorizationUri("https://www.facebook.com/v2.8/dialog/oauth");
+			builder.tokenUri("https://graph.facebook.com/v2.8/oauth/access_token");
+			builder.userInfoUri("https://graph.facebook.com/me");
+			builder.userNameAttributeName("name");
+			builder.clientName("Facebook");
+			return builder;
+		}
+
+	},
+
+	OKTA {
+
+		@Override
+		public Builder getBuilder(String registrationId) {
+			ClientRegistration.Builder builder = getBuilder(registrationId,
+					ClientAuthenticationMethod.BASIC, DEFAULT_REDIRECT_URL);
+			builder.scope("openid", "profile", "email", "address", "phone");
+			builder.clientName("Okta");
+			return builder;
+		}
+
+	};
+
+	private static final String DEFAULT_REDIRECT_URL = "{scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{clientAlias}";
+
+	protected final ClientRegistration.Builder getBuilder(String registrationId,
+			ClientAuthenticationMethod method, String redirectUri) {
+		ClientRegistration.Builder builder = new ClientRegistration.Builder(registrationId);
+		builder.clientAuthenticationMethod(method);
+		builder.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE);
+		builder.redirectUri(redirectUri);
+		return builder;
+	}
+
+	/**
+	 * Create a new
+	 * {@link org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
+	 * ClientRegistration.Builder} pre-initialized with the provider settings.
+	 * @param registrationId the registration-id used with the new builder
+	 * @return a builder instance
+	 */
+	public abstract ClientRegistration.Builder getBuilder(String registrationId);
+
+}

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientAutoConfiguration.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.security.oauth2.client;
+
+import org.springframework.boot.autoconfigure.AutoConfigureBefore;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+
+/**
+ * {@link EnableAutoConfiguration Auto-configuration} for OAuth client support.
+ *
+ * @author Madhura Bhave
+ * @author Phillip Webb
+ * @since 2.0.0
+ */
+@Configuration
+@AutoConfigureBefore(SecurityAutoConfiguration.class)
+@ConditionalOnClass({ EnableWebSecurity.class, ClientRegistration.class })
+@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
+@Import({ OAuth2ClientRegistrationRepositoryConfiguration.class,
+		OAuth2WebSecurityConfiguration.class })
+public class OAuth2ClientAutoConfiguration {
+
+}
+