spring-cloud-security

Expired JWT token for Feign client call when OAuth2 grant_type is client_credentials

Open darnok87 opened this issue 7 years ago • 0 comments

Hi, after fixing token relay in spring-cloud-security 1.2.1.RELEASE I have a problem with an expiring OAuth2 JWT token. My application is configured with @EnableOAuth2Client, @EnableResourceServer and security.oauth2.client.grantType=client_credentials. I am also using Feign clients in async tasks.

When I call an endpoint secured with OAuth2 to activate async tasks, I send a JWT token generated for the resource owner (grantType=password). This token is valid for 5 minutes and is copied to OAuth2ClientContext. Next, when a Feign client calls another application from an async task, the token is relayed. When I call the same endpoint a second time after 5 minutes with a new resource owner token, I get an exception. After debugging I found that the Feign client is getting HTTP 401 - Token expired, and this problem is caused by the token in OAuth2ClientContext not being refreshed.

I was expecting that Feign clients in an async task would use the token generated for my application with the client_credentials flow, not relay the token passed in the user request, which will never be refreshed.

To fix this problem, the configuration below should be enabled only when the property security.oauth2.client.grantType is different from the "client_credentials" value:


```java
@Configuration
public static class ResourceServerTokenRelayRegistrationAutoConfiguration extends WebMvcConfigurerAdapter {

	@Autowired
	AccessTokenContextRelay accessTokenContextRelay;

	@Override
	public void addInterceptors(InterceptorRegistry registry) {
		registry.addInterceptor(
				new HandlerInterceptorAdapter() {
					@Override
					public boolean preHandle(HttpServletRequest request,
							HttpServletResponse response, Object handler) throws Exception {
						accessTokenContextRelay.copyToken();
						return true;
					}
				}
		);
	}
}
```

darnok87 Jun 12 '17 19:06
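The behaviour the issue expects, Feign calls from async tasks carrying the application's own client_credentials token instead of the relayed user token, can be approximated in application code as follows. This is an added example, not code from the issue or from spring-cloud-security; the class and bean names are hypothetical, and it assumes Spring Boot's auto-configured `OAuth2ProtectedResourceDetails` bean for `security.oauth2.client.*` and that no other Feign interceptor sets the `Authorization` header.

```java
import feign.RequestInterceptor;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

// Hypothetical application-side configuration (not part of spring-cloud-security).
// Active only when the client is configured for the client_credentials grant.
@Configuration
@ConditionalOnProperty(name = "security.oauth2.client.grant-type",
		havingValue = "client_credentials")
public class ServiceTokenFeignConfiguration {

	// Token holder with its own DefaultOAuth2ClientContext. Unlike the shared
	// OAuth2ClientContext, nothing copies the incoming request's user token
	// into it, so it only ever contains the service's own token.
	@Bean
	public OAuth2RestTemplate serviceTokenTemplate(OAuth2ProtectedResourceDetails details) {
		return new OAuth2RestTemplate(details, new DefaultOAuth2ClientContext());
	}

	// Feign interceptor that attaches the service token to every outgoing call.
	@Bean
	public RequestInterceptor serviceTokenInterceptor(OAuth2RestTemplate serviceTokenTemplate) {
		return template -> {
			OAuth2AccessToken token;
			// getAccessToken() returns the cached token while it is valid and
			// requests a new one from the token endpoint when it is missing or
			// expired; the lock keeps concurrent async tasks from racing on the
			// unsynchronized context.
			synchronized (serviceTokenTemplate) {
				token = serviceTokenTemplate.getAccessToken();
			}
			template.header("Authorization", "Bearer " + token.getValue());
		};
	}
}
```

With this in place the downstream service sees the calling application's identity and scopes rather than the resource owner's, so its authorization rules must be written for the client, not the user.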