spring-cloud-config icon indicating copy to clipboard operation
spring-cloud-config copied to clipboard
verified publisher icon spring-cloud

Add OAuth2 support in spring-config-client

Open prafsoni opened this issue 2 months ago • 6 comments

Resolves #2348

  • Adds support for OAuth2 in spring-cloud-client using spring-security-oauth2-client.
  • Introduces OAuth2 configurations under spring.cloud.config.oauth2.*.
  • OAuth2 Support is disabled (spring.cloud.config.oauth2.enabled: false) by default to maintain existing behavior.
  • Adds spring-cloud-config-client-oauth2-tests module for OAuth2 support integration tests

prafsoni avatar Nov 11 '25 19:11 prafsoni

Thanks. I will need to set aside some time to deep dive on this after our GA release.

Also would love @jgrandja to take a look as well.

ryanjbaxter avatar Nov 11 '25 22:11 ryanjbaxter

Thanks. I will need to set aside some time to deep dive on this after our GA release.

Also would love @jgrandja to take a look as well.

@ryanjbaxter Thanks for the review. Since the changes are not disruptive. So, I was hoping this would make it to 5.0.0. I do understand this is a bit of an ask given that GA is so close. If there is something I could do to make it a possibility, please do let me know.

prafsoni avatar Nov 11 '25 22:11 prafsoni

So, I was hoping this would make it to 5.0.0. I do understand this is a bit of an ask given that GA is so close. If there is something I could do to make it a possibility, please do let me know.

The RC1 release is already in progress and everyone is focused on that and then the GA after. It will have to wait, I'm afraid.

spencergibb avatar Nov 11 '25 22:11 spencergibb

If I have some time I will take a look at it but as Spencer said we have a lot on our plate between now and GA and we don't want to rush this, we want to make sure we get it right.

Unfortunately this major has been a challenge for the Spring Cloud team as we try to keep up with the incoming changes from Spring Boot and Spring Framework. We did not have as much time as we would have liked to put in new features into Spring Cloud.

ryanjbaxter avatar Nov 11 '25 23:11 ryanjbaxter

@prafsoni I took a look at the PR and it introduces the password grant, which has been removed in OAuth 2.1, as well as Spring Security 7.0. This will need to get addressed when we revisit the PR after the majors are out.

jgrandja avatar Nov 12 '25 11:11 jgrandja

@prafsoni I took a look at the PR and it introduces the password grant, which has been removed in OAuth 2.1, as well as Spring Security 7.0. This will need to get addressed when we revisit the PR after the majors are out.

@jgrandja Thanks for the review, Since, I didnot add anything that is not in spring-security I would expect it to be automatically addressed with the dependency upgrade. Please, do let me know if I need to take any additional steps.

prafsoni avatar Nov 18 '25 02:11 prafsoni