Update sample to use OpenID Connect and Provider Configuration endpoint

Issue gh-53 gh-55

samples/boot/oauth2-integration/authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java

@@ -23,9 +23,11 @@ import org.springframework.security.crypto.key.CryptoKeySource;
 import org.springframework.security.crypto.key.StaticKeyGeneratingCryptoKeySource;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
 
 import java.util.UUID;
 
@@ -45,8 +47,11 @@ public class AuthorizationServerConfig {
 				.clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+				.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
 				.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
+				.redirectUri("http://localhost:8080/login/oauth2/code/messaging-client-oidc")
 				.redirectUri("http://localhost:8080/authorized")
+				.scope(OidcScopes.OPENID)
 				.scope("message.read")
 				.scope("message.write")
 				.clientSettings(clientSettings -> clientSettings.requireUserConsent(true))
@@ -59,4 +64,9 @@ public class AuthorizationServerConfig {
 	public CryptoKeySource keySource() {
 		return new StaticKeyGeneratingCryptoKeySource();
 	}
+
+	@Bean
+	public ProviderSettings providerSettings() {
+		return new ProviderSettings().issuer("http://auth-server:9000");
+	}
 }

samples/boot/oauth2-integration/client/src/main/java/sample/config/SecurityConfig.java

@@ -40,10 +40,10 @@ public class SecurityConfig {
 	SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests(authorizeRequests ->
-				authorizeRequests.anyRequest().permitAll()
+				authorizeRequests.anyRequest().authenticated()
 			)
-			.logout()
-				.disable()
+			.oauth2Login(oauth2Login ->
+				oauth2Login.loginPage("/oauth2/authorization/messaging-client-oidc"))
 			.oauth2Client(withDefaults());
 		return http.build();
 	}

samples/boot/oauth2-integration/client/src/main/resources/application.yml

@@ -16,6 +16,14 @@ spring:
     oauth2:
       client:
         registration:
+          messaging-client-oidc:
+            provider: spring
+            client-id: messaging-client
+            client-secret: secret
+            authorization-grant-type: authorization_code
+            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
+            scope: openid
+            client-name: messaging-client-oidc
           messaging-client-authorization-code:
             provider: spring
             client-id: messaging-client
@@ -23,16 +31,17 @@ spring:
             authorization-grant-type: authorization_code
             redirect-uri: "{baseUrl}/authorized"
             scope: message.read,message.write
+            client-name: messaging-client-authorization-code
           messaging-client-client-credentials:
             provider: spring
             client-id: messaging-client
             client-secret: secret
             authorization-grant-type: client_credentials
             scope: message.read,message.write
+            client-name: messaging-client-client-credentials
         provider:
           spring:
-            authorization-uri: http://auth-server:9000/oauth2/authorize
-            token-uri: http://auth-server:9000/oauth2/token
+            issuer-uri: http://auth-server:9000
 
 messages:
   base-uri: http://localhost:8090/messages

samples/boot/oauth2-integration/resourceserver/src/main/resources/application.yml

@@ -14,4 +14,4 @@ spring:
     oauth2:
       resourceserver:
         jwt:
-          jwk-set-uri: http://auth-server:9000/oauth2/jwks
+          issuer-uri: http://auth-server:9000