spring-security icon indicating copy to clipboard operation
spring-security copied to clipboard
verified publisher icon spring-projects

Allow AbstractRestClientOAuth2AccessTokenResponseClient to be extended

Open bmorris591 opened this issue 1 year ago • 0 comments

I have a legacy OAuth2 API I need to use, and it requires the use of a password grant. Support for password grants was removed in AbstractRestClientOAuth2AccessTokenResponseClient so when I tried to migrate my OAuth2 configuration to use the new RestClient based OAuth2AccessTokenResponseClient I could not. At least not for the password grant.

I tried to implement my own, but the constructor of AbstractRestClientOAuth2AccessTokenResponseClient is package private so it cannot be extended. I did not want to copy all the code, as that is a maintainability nightmare.

Consider making AbstractRestClientOAuth2AccessTokenResponseClient extensible for this use case, even though password grants are deprecated there are still many out in the wild.

As a workaround I've created the package org.springframework.security.oauth2.client.endpoint in my own project, which allows me to extend. Obviously that doesn't work with JPMS - and it's also a nasty hack.

bmorris591 avatar Oct 19 '24 07:10 bmorris591