Deprecate ClientRegistration.redirectUriTemplate

Closes gh-8906

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -2129,7 +2129,7 @@ public final class HttpSecurity extends
 	 * 			.clientSecret("google-client-secret")
 	 * 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 	 * 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-	 * 			.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+	 * 			.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
 	 * 			.scope("openid", "profile", "email", "address", "phone")
 	 * 			.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
 	 * 			.tokenUri("https://www.googleapis.com/oauth2/v4/token")
@@ -2223,7 +2223,7 @@ public final class HttpSecurity extends
 	 * 			.clientSecret("google-client-secret")
 	 * 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 	 * 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-	 * 			.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+	 * 			.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
 	 * 			.scope("openid", "profile", "email", "address", "phone")
 	 * 			.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
 	 * 			.tokenUri("https://www.googleapis.com/oauth2/v4/token")

config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java

@@ -114,7 +114,7 @@ public final class ClientRegistrationsBeanDefinitionParser implements BeanDefini
 					.map(AuthorizationGrantType::new)
 					.ifPresent(builder::authorizationGrantType);
 			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_REDIRECT_URI))
-					.ifPresent(builder::redirectUriTemplate);
+					.ifPresent(builder::redirectUri);
 			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_SCOPE))
 					.map(StringUtils::commaDelimitedListToSet)
 					.ifPresent(builder::scope);

config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java

@@ -101,7 +101,7 @@ public enum CommonOAuth2Provider {
 		ClientRegistration.Builder builder = ClientRegistration.withRegistrationId(registrationId);
 		builder.clientAuthenticationMethod(method);
 		builder.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE);
-		builder.redirectUriTemplate(redirectUri);
+		builder.redirectUri(redirectUri);
 		return builder;
 	}
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java

@@ -106,7 +106,7 @@ public class OAuth2ClientConfigurerTests {
 			.clientSecret("secret")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate("{baseUrl}/client-1")
+			.redirectUri("{baseUrl}/client-1")
 			.scope("user")
 			.authorizationUri("https://provider.com/oauth2/authorize")
 			.tokenUri("https://provider.com/oauth2/token")

config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java

@@ -114,7 +114,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		ClientRegistration clientRegistration = CommonOAuth2Provider.GOOGLE.getBuilder("google")
 				.clientId("google-client-id")
 				.clientSecret("google-client-secret")
-				.redirectUriTemplate("http://localhost/callback/google")
+				.redirectUri("http://localhost/callback/google")
 				.scope("scope1", "scope2")
 				.build();
 		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientRegistration);
@@ -238,7 +238,7 @@ public class OAuth2ClientBeanDefinitionParserTests {
 		return OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
 				.clientId(clientRegistration.getClientId())
-				.redirectUri(clientRegistration.getRedirectUriTemplate())
+				.redirectUri(clientRegistration.getRedirectUri())
 				.scopes(clientRegistration.getScopes())
 				.state("state")
 				.attributes(attributes)

config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java

@@ -151,7 +151,7 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		assertThat(googleRegistration.getClientSecret()).isEqualTo("google-client-secret");
 		assertThat(googleRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(googleRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
+		assertThat(googleRegistration.getRedirectUri()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
 		assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(googleRegistration.getClientName()).isEqualTo(serverUrl);
 
@@ -181,7 +181,7 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		assertThat(googleRegistration.getClientSecret()).isEqualTo("google-client-secret");
 		assertThat(googleRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(googleRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
+		assertThat(googleRegistration.getRedirectUri()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
 		assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(googleRegistration.getClientName()).isEqualTo("Google");
 
@@ -205,7 +205,7 @@ public class ClientRegistrationsBeanDefinitionParserTests {
 		assertThat(githubRegistration.getClientSecret()).isEqualTo("github-client-secret");
 		assertThat(githubRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(githubRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(githubRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
+		assertThat(githubRegistration.getRedirectUri()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
 		assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(githubRegistration.getClientName()).isEqualTo("Github");
 

config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java

@@ -53,7 +53,7 @@ public class CommonOAuth2ProviderTests {
 			.isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(registration.getAuthorizationGrantType())
 			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
+		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("openid", "profile", "email");
 		assertThat(registration.getClientName()).isEqualTo("Google");
 		assertThat(registration.getRegistrationId()).isEqualTo("123");
@@ -76,7 +76,7 @@ public class CommonOAuth2ProviderTests {
 			.isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(registration.getAuthorizationGrantType())
 			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
+		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("read:user");
 		assertThat(registration.getClientName()).isEqualTo("GitHub");
 		assertThat(registration.getRegistrationId()).isEqualTo("123");
@@ -99,7 +99,7 @@ public class CommonOAuth2ProviderTests {
 			.isEqualTo(ClientAuthenticationMethod.POST);
 		assertThat(registration.getAuthorizationGrantType())
 			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
+		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("public_profile", "email");
 		assertThat(registration.getClientName()).isEqualTo("Facebook");
 		assertThat(registration.getRegistrationId()).isEqualTo("123");
@@ -124,7 +124,7 @@ public class CommonOAuth2ProviderTests {
 			.isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(registration.getAuthorizationGrantType())
 			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
+		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("openid", "profile", "email");
 		assertThat(registration.getClientName()).isEqualTo("Okta");
 		assertThat(registration.getRegistrationId()).isEqualTo("123");

docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-client.adoc

@@ -156,7 +156,7 @@ public final class ClientRegistration {
 	private String clientSecret;	<3>
 	private ClientAuthenticationMethod clientAuthenticationMethod;	<4>
 	private AuthorizationGrantType authorizationGrantType;	<5>
-	private String redirectUriTemplate;	<6>
+	private String redirectUri;	<6>
 	private Set<String> scopes;	<7>
 	private ProviderDetails providerDetails;
 	private String clientName;	<8>
@@ -185,7 +185,7 @@ public final class ClientRegistration {
 The supported values are *basic*, *post* and *none* https://tools.ietf.org/html/rfc6749#section-2.1[(public clients)].
 <5> `authorizationGrantType`: The OAuth 2.0 Authorization Framework defines four https://tools.ietf.org/html/rfc6749#section-1.3[Authorization Grant] types.
  The supported values are `authorization_code`, `client_credentials` and `password`.
-<6> `redirectUriTemplate`: The client's registered redirect URI that the _Authorization Server_ redirects the end-user's user-agent
+<6> `redirectUri`: The client's registered redirect URI that the _Authorization Server_ redirects the end-user's user-agent
  to after the end-user has authenticated and authorized access to the client.
 <7> `scopes`: The scope(s) requested by the client during the Authorization Request flow, such as openid, email, or profile.
 <8> `clientName`: A descriptive name used for the client.

docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-login.adoc

@@ -114,7 +114,7 @@ The following table outlines the mapping of the Spring Boot 2.x OAuth Client pro
 |`authorizationGrantType`
 
 |`spring.security.oauth2.client.registration._[registrationId]_.redirect-uri`
-|`redirectUriTemplate`
+|`redirectUri`
 
 |`spring.security.oauth2.client.registration._[registrationId]_.scope`
 |`scopes`
@@ -266,7 +266,7 @@ public class OAuth2LoginConfig {
 			.clientSecret("google-client-secret")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+			.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
 			.scope("openid", "profile", "email", "address", "phone")
 			.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
 			.tokenUri("https://www.googleapis.com/oauth2/v4/token")
@@ -360,7 +360,7 @@ public class OAuth2LoginConfig {
 			.clientSecret("google-client-secret")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+			.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
 			.scope("openid", "profile", "email", "address", "phone")
 			.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
 			.tokenUri("https://www.googleapis.com/oauth2/v4/token")
@@ -403,7 +403,7 @@ class OAuth2LoginConfig {
                 .clientSecret("google-client-secret")
                 .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
                 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-                .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+                .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
                 .scope("openid", "profile", "email", "address", "phone")
                 .authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
                 .tokenUri("https://www.googleapis.com/oauth2/v4/token")
@@ -854,7 +854,7 @@ class OAuth2LoginSecurityConfig : WebSecurityConfigurerAdapter() {
 
 [IMPORTANT]
 ====
-You also need to ensure the `ClientRegistration.redirectUriTemplate` matches the custom Authorization Response `baseUri`.
+You also need to ensure the `ClientRegistration.redirectUri` matches the custom Authorization Response `baseUri`.
 
 The following listing shows an example:
 
@@ -863,7 +863,7 @@ The following listing shows an example:
 return CommonOAuth2Provider.GOOGLE.getBuilder("google")
 	.clientId("google-client-id")
 	.clientSecret("google-client-secret")
-	.redirectUriTemplate("{baseUrl}/login/oauth2/callback/{registrationId}")
+	.redirectUri("{baseUrl}/login/oauth2/callback/{registrationId}")
 	.build();
 ----
 ====

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java

@@ -67,7 +67,7 @@ final class ClientRegistrationDeserializer extends JsonDeserializer<ClientRegist
 				.authorizationGrantType(
 						AUTHORIZATION_GRANT_TYPE_CONVERTER.convert(
 								findObjectNode(clientRegistrationNode, "authorizationGrantType")))
-				.redirectUriTemplate(findStringValue(clientRegistrationNode, "redirectUriTemplate"))
+				.redirectUri(findStringValue(clientRegistrationNode, "redirectUri"))
 				.scope(findValue(clientRegistrationNode, "scopes", SET_TYPE_REFERENCE, mapper))
 				.clientName(findStringValue(clientRegistrationNode, "clientName"))
 				.authorizationUri(findStringValue(providerDetailsNode, "authorizationUri"))

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java

@@ -49,7 +49,7 @@ public final class ClientRegistration implements Serializable {
 	private String clientSecret;
 	private ClientAuthenticationMethod clientAuthenticationMethod;
 	private AuthorizationGrantType authorizationGrantType;
-	private String redirectUriTemplate;
+	private String redirectUri;
 	private Set<String> scopes = Collections.emptySet();
 	private ProviderDetails providerDetails = new ProviderDetails();
 	private String clientName;
@@ -106,10 +106,32 @@ public final class ClientRegistration implements Serializable {
 	/**
 	 * Returns the uri (or uri template) for the redirection endpoint.
 	 *
-	 * @return the uri for the redirection endpoint
+	 * @deprecated Use {@link #getRedirectUri()} instead
+	 * @return the uri (or uri template) for the redirection endpoint
 	 */
+	@Deprecated
 	public String getRedirectUriTemplate() {
-		return this.redirectUriTemplate;
+		return getRedirectUri();
+	}
+
+	/**
+	 * Returns the uri (or uri template) for the redirection endpoint.
+	 *
+	 * <br />
+	 * The supported uri template variables are: {baseScheme}, {baseHost}, {basePort}, {basePath} and {registrationId}.
+	 *
+	 * <br />
+	 * <b>NOTE:</b> {baseUrl} is also supported, which is the same as {baseScheme}://{baseHost}{basePort}{basePath}.
+	 *
+	 * <br />
+	 * Configuring uri template variables is especially useful when the client is running behind a Proxy Server.
+	 * This ensures that the X-Forwarded-* headers are used when expanding the redirect-uri.
+	 *
+	 * @since 5.4
+	 * @return the uri (or uri template) for the redirection endpoint
+	 */
+	public String getRedirectUri() {
+		return this.redirectUri;
 	}
 
 	/**
@@ -147,7 +169,7 @@ public final class ClientRegistration implements Serializable {
 			+ ", clientSecret='" + this.clientSecret + '\''
 			+ ", clientAuthenticationMethod=" + this.clientAuthenticationMethod
 			+ ", authorizationGrantType=" + this.authorizationGrantType
-			+ ", redirectUriTemplate='" + this.redirectUriTemplate + '\''
+			+ ", redirectUri='" + this.redirectUri + '\''
 			+ ", scopes=" + this.scopes
 			+ ", providerDetails=" + this.providerDetails
 			+ ", clientName='" + this.clientName
@@ -300,7 +322,7 @@ public final class ClientRegistration implements Serializable {
 		private String clientSecret;
 		private ClientAuthenticationMethod clientAuthenticationMethod;
 		private AuthorizationGrantType authorizationGrantType;
-		private String redirectUriTemplate;
+		private String redirectUri;
 		private Set<String> scopes;
 		private String authorizationUri;
 		private String tokenUri;
@@ -322,7 +344,7 @@ public final class ClientRegistration implements Serializable {
 			this.clientSecret = clientRegistration.clientSecret;
 			this.clientAuthenticationMethod = clientRegistration.clientAuthenticationMethod;
 			this.authorizationGrantType = clientRegistration.authorizationGrantType;
-			this.redirectUriTemplate = clientRegistration.redirectUriTemplate;
+			this.redirectUri = clientRegistration.redirectUri;
 			this.scopes = clientRegistration.scopes == null ? null : new HashSet<>(clientRegistration.scopes);
 			this.authorizationUri = clientRegistration.providerDetails.authorizationUri;
 			this.tokenUri = clientRegistration.providerDetails.tokenUri;
@@ -397,11 +419,34 @@ public final class ClientRegistration implements Serializable {
 		/**
 		 * Sets the uri (or uri template) for the redirection endpoint.
 		 *
-		 * @param redirectUriTemplate the uri for the redirection endpoint
+		 * @deprecated Use {@link #redirectUri(String)} instead
+		 * @param redirectUriTemplate the uri (or uri template) for the redirection endpoint
 		 * @return the {@link Builder}
 		 */
+		@Deprecated
 		public Builder redirectUriTemplate(String redirectUriTemplate) {
-			this.redirectUriTemplate = redirectUriTemplate;
+			return redirectUri(redirectUriTemplate);
+		}
+
+		/**
+		 * Sets the uri (or uri template) for the redirection endpoint.
+		 *
+		 * <br />
+		 * The supported uri template variables are: {baseScheme}, {baseHost}, {basePort}, {basePath} and {registrationId}.
+		 *
+		 * <br />
+		 * <b>NOTE:</b> {baseUrl} is also supported, which is the same as {baseScheme}://{baseHost}{basePort}{basePath}.
+		 *
+		 * <br />
+		 * Configuring uri template variables is especially useful when the client is running behind a Proxy Server.
+		 * This ensures that the X-Forwarded-* headers are used when expanding the redirect-uri.
+		 *
+		 * @since 5.4
+		 * @param redirectUri the uri (or uri template) for the redirection endpoint
+		 * @return the {@link Builder}
+		 */
+		public Builder redirectUri(String redirectUri) {
+			this.redirectUri = redirectUri;
 			return this;
 		}
 
@@ -575,7 +620,7 @@ public final class ClientRegistration implements Serializable {
 				}
 			}
 			clientRegistration.authorizationGrantType = this.authorizationGrantType;
-			clientRegistration.redirectUriTemplate = this.redirectUriTemplate;
+			clientRegistration.redirectUri = this.redirectUri;
 			clientRegistration.scopes = this.scopes;
 
 			ProviderDetails providerDetails = clientRegistration.new ProviderDetails();
@@ -600,7 +645,7 @@ public final class ClientRegistration implements Serializable {
 					() -> "authorizationGrantType must be " + AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
 			Assert.hasText(this.registrationId, "registrationId cannot be empty");
 			Assert.hasText(this.clientId, "clientId cannot be empty");
-			Assert.hasText(this.redirectUriTemplate, "redirectUriTemplate cannot be empty");
+			Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
 			Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
 			Assert.hasText(this.tokenUri, "tokenUri cannot be empty");
 		}
@@ -610,7 +655,7 @@ public final class ClientRegistration implements Serializable {
 					() -> "authorizationGrantType must be " + AuthorizationGrantType.IMPLICIT.getValue());
 			Assert.hasText(this.registrationId, "registrationId cannot be empty");
 			Assert.hasText(this.clientId, "clientId cannot be empty");
-			Assert.hasText(this.redirectUriTemplate, "redirectUriTemplate cannot be empty");
+			Assert.hasText(this.redirectUri, "redirectUri cannot be empty");
 			Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
 		}
 

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java

@@ -244,7 +244,7 @@ public final class ClientRegistrations {
 				.scope(scopes)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 				.clientAuthenticationMethod(method)
-				.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
+				.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 				.authorizationUri(metadata.getAuthorizationEndpointURI().toASCIIString())
 				.providerConfigurationMetadata(configurationMetadata)
 				.tokenUri(metadata.getTokenEndpointURI().toASCIIString())

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java

@@ -183,7 +183,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 	}
 
 	/**
-	 * Expands the {@link ClientRegistration#getRedirectUriTemplate()} with following provided variables:<br/>
+	 * Expands the {@link ClientRegistration#getRedirectUri()} with following provided variables:<br/>
 	 * - baseUrl (e.g. https://localhost/app) <br/>
 	 * - baseScheme (e.g. https) <br/>
 	 * - baseHost (e.g. localhost) <br/>
@@ -194,7 +194,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 	 * <p/>
 	 * Null variables are provided as empty strings.
 	 * <p/>
-	 * Default redirectUriTemplate is: {@link org.springframework.security.config.oauth2.client}.CommonOAuth2Provider#DEFAULT_REDIRECT_URL
+	 * Default redirectUri is: {@code org.springframework.security.config.oauth2.client.CommonOAuth2Provider#DEFAULT_REDIRECT_URL}
 	 *
 	 * @return expanded URI
 	 */
@@ -225,7 +225,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
 
 		uriVariables.put("action", action == null ? "" : action);
 
-		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUriTemplate())
+		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri())
 				.buildAndExpand(uriVariables)
 				.toUriString();
 	}

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java

@@ -184,7 +184,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 	}
 
 	/**
-	 * Expands the {@link ClientRegistration#getRedirectUriTemplate()} with following provided variables:<br/>
+	 * Expands the {@link ClientRegistration#getRedirectUri()} with following provided variables:<br/>
 	 * - baseUrl (e.g. https://localhost/app) <br/>
 	 * - baseScheme (e.g. https) <br/>
 	 * - baseHost (e.g. localhost) <br/>
@@ -195,7 +195,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 	 * <p/>
 	 * Null variables are provided as empty strings.
 	 * <p/>
-	 * Default redirectUriTemplate is: {@link org.springframework.security.config.oauth2.client}.CommonOAuth2Provider#DEFAULT_REDIRECT_URL
+	 * Default redirectUri is: {@code org.springframework.security.config.oauth2.client.CommonOAuth2Provider#DEFAULT_REDIRECT_URL}
 	 *
 	 * @return expanded URI
 	 */
@@ -230,7 +230,7 @@ public class DefaultServerOAuth2AuthorizationRequestResolver
 		}
 		uriVariables.put("action", action);
 
-		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUriTemplate())
+		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri())
 				.buildAndExpand(uriVariables)
 				.toUriString();
 	}

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/InMemoryReactiveOAuth2AuthorizedClientServiceTests.java

@@ -60,7 +60,7 @@ public class InMemoryReactiveOAuth2AuthorizedClientServiceTests {
 			Instant.now().plus(Duration.ofDays(1)));
 
 	private ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(this.clientRegistrationId)
-			.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
+			.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 			.scope("read:user")

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManagerTests.java

@@ -215,11 +215,11 @@ public class OAuth2LoginReactiveAuthenticationManagerTests {
 				.state("state")
 				.clientId(clientRegistration.getClientId())
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(clientRegistration.getRedirectUriTemplate())
+				.redirectUri(clientRegistration.getRedirectUri())
 				.scopes(clientRegistration.getScopes())
 				.build();
 		OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr
-				.redirectUri(clientRegistration.getRedirectUriTemplate())
+				.redirectUri(clientRegistration.getRedirectUri())
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java

@@ -61,7 +61,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 				.clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate("https://client.com/callback/client-1")
+				.redirectUri("https://client.com/callback/client-1")
 				.scope("read", "write")
 				.authorizationUri("https://provider.com/oauth2/authorize")
 				.tokenUri(tokenUri)
@@ -295,13 +295,13 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 				.clientId(clientRegistration.getClientId())
 				.state("state-1234")
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(clientRegistration.getRedirectUriTemplate())
+				.redirectUri(clientRegistration.getRedirectUri())
 				.scopes(clientRegistration.getScopes())
 				.build();
 		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse
 				.success("code-1234")
 				.state("state-1234")
-				.redirectUri(clientRegistration.getRedirectUriTemplate())
+				.redirectUri(clientRegistration.getRedirectUri())
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange =
 				new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse);
@@ -320,7 +320,7 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 				.clientSecret(registration.getClientSecret())
 				.clientAuthenticationMethod(registration.getClientAuthenticationMethod())
 				.authorizationGrantType(registration.getAuthorizationGrantType())
-				.redirectUriTemplate(registration.getRedirectUriTemplate())
+				.redirectUri(registration.getRedirectUri())
 				.scope(registration.getScopes())
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
 				.tokenUri(registration.getProviderDetails().getTokenUri())

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java

@@ -51,7 +51,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 				.clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate("https://client.com/callback/client-1")
+				.redirectUri("https://client.com/callback/client-1")
 				.scope("read", "write")
 				.authorizationUri("https://provider.com/oauth2/authorize")
 				.tokenUri("https://provider.com/oauth2/token")
@@ -99,7 +99,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.CODE)).isEqualTo("code-1234");
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.CLIENT_ID)).isNull();
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI)).isEqualTo(
-				clientRegistration.getRedirectUriTemplate());
+				clientRegistration.getRedirectUri());
 	}
 
 	@SuppressWarnings("unchecked")
@@ -145,7 +145,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 				AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.CODE)).isEqualTo("code-1234");
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.REDIRECT_URI)).isEqualTo(
-				clientRegistration.getRedirectUriTemplate());
+				clientRegistration.getRedirectUri());
 		assertThat(formParameters.getFirst(OAuth2ParameterNames.CLIENT_ID)).isEqualTo("client-1");
 		assertThat(formParameters.getFirst(PkceParameterNames.CODE_VERIFIER)).isEqualTo("code-verifier-1234");
 	}

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestTests.java

@@ -55,7 +55,7 @@ public class OAuth2ClientCredentialsGrantRequestTests {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("registration-1")
 				.clientId("client-1")
 				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-				.redirectUriTemplate("https://localhost:8080/redirect-uri")
+				.redirectUri("https://localhost:8080/redirect-uri")
 				.authorizationUri("https://provider.com/oauth2/auth")
 				.clientName("Client 1")
 				.build();

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java

@@ -252,13 +252,13 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 				.clientId(registration.getClientId())
 				.state("state")
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(registration.getRedirectUriTemplate())
+				.redirectUri(registration.getRedirectUri())
 				.scopes(registration.getScopes())
 				.build();
 		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse
 				.success("code")
 				.state("state")
-				.redirectUri(registration.getRedirectUriTemplate())
+				.redirectUri(registration.getRedirectUri())
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);
@@ -331,7 +331,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 				.clientId(registration.getClientId())
 				.state("state")
 				.authorizationUri(registration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(registration.getRedirectUriTemplate())
+				.redirectUri(registration.getRedirectUri())
 				.scopes(registration.getScopes())
 				.attributes(attributes)
 				.additionalParameters(additionalParameters)
@@ -339,7 +339,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 		OAuth2AuthorizationResponse authorizationResponse = OAuth2AuthorizationResponse
 				.success("code")
 				.state("state")
-				.redirectUri(registration.getRedirectUriTemplate())
+				.redirectUri(registration.getRedirectUri())
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java

@@ -124,8 +124,8 @@ public class OAuth2AuthorizedClientMixinTests {
 				.isEqualTo(expectedClientRegistration.getClientAuthenticationMethod());
 		assertThat(clientRegistration.getAuthorizationGrantType())
 				.isEqualTo(expectedClientRegistration.getAuthorizationGrantType());
-		assertThat(clientRegistration.getRedirectUriTemplate())
-				.isEqualTo(expectedClientRegistration.getRedirectUriTemplate());
+		assertThat(clientRegistration.getRedirectUri())
+				.isEqualTo(expectedClientRegistration.getRedirectUri());
 		assertThat(clientRegistration.getScopes())
 				.isEqualTo(expectedClientRegistration.getScopes());
 		assertThat(clientRegistration.getProviderDetails().getAuthorizationUri())
@@ -194,8 +194,8 @@ public class OAuth2AuthorizedClientMixinTests {
 				.isEqualTo(expectedClientRegistration.getClientAuthenticationMethod());
 		assertThat(clientRegistration.getAuthorizationGrantType())
 				.isEqualTo(expectedClientRegistration.getAuthorizationGrantType());
-		assertThat(clientRegistration.getRedirectUriTemplate())
-				.isEqualTo(expectedClientRegistration.getRedirectUriTemplate());
+		assertThat(clientRegistration.getRedirectUri())
+				.isEqualTo(expectedClientRegistration.getRedirectUri());
 		assertThat(clientRegistration.getScopes())
 				.isEqualTo(expectedClientRegistration.getScopes());
 		assertThat(clientRegistration.getProviderDetails().getAuthorizationUri())
@@ -263,7 +263,7 @@ public class OAuth2AuthorizedClientMixinTests {
 				"    \"authorizationGrantType\": {\n" +
 				"      \"value\": \"" + clientRegistration.getAuthorizationGrantType().getValue() + "\"\n" +
 				"    },\n" +
-				"    \"redirectUriTemplate\": \"" + clientRegistration.getRedirectUriTemplate() + "\",\n" +
+				"    \"redirectUri\": \"" + clientRegistration.getRedirectUri() + "\",\n" +
 				"    \"scopes\": [\n" +
 				"      \"java.util.Collections$UnmodifiableSet\",\n" +
 				"      [" + scopes + "]\n" +

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java

@@ -380,13 +380,13 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 				.state("state")
 				.clientId(clientRegistration.getClientId())
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(clientRegistration.getRedirectUriTemplate())
+				.redirectUri(clientRegistration.getRedirectUri())
 				.scopes(clientRegistration.getScopes())
 				.additionalParameters(additionalParameters)
 				.attributes(attributes)
 				.build();
 		OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr
-				.redirectUri(clientRegistration.getRedirectUriTemplate())
+				.redirectUri(clientRegistration.getRedirectUri())
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java

@@ -67,7 +67,7 @@ public class ClientRegistrationTests {
 			.clientSecret(CLIENT_SECRET)
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(null)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(AUTHORIZATION_URI)
 			.tokenUri(TOKEN_URI)
@@ -84,7 +84,7 @@ public class ClientRegistrationTests {
 			.clientSecret(CLIENT_SECRET)
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(AUTHORIZATION_URI)
 			.tokenUri(TOKEN_URI)
@@ -100,7 +100,7 @@ public class ClientRegistrationTests {
 		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
 		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(registration.getRedirectUriTemplate()).isEqualTo(REDIRECT_URI);
+		assertThat(registration.getRedirectUri()).isEqualTo(REDIRECT_URI);
 		assertThat(registration.getScopes()).isEqualTo(SCOPES);
 		assertThat(registration.getProviderDetails().getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI);
 		assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI);
@@ -118,7 +118,7 @@ public class ClientRegistrationTests {
 			.clientSecret(CLIENT_SECRET)
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(AUTHORIZATION_URI)
 			.tokenUri(TOKEN_URI)
@@ -135,7 +135,7 @@ public class ClientRegistrationTests {
 			.clientSecret(CLIENT_SECRET)
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(AUTHORIZATION_URI)
 			.tokenUri(TOKEN_URI)
@@ -152,7 +152,7 @@ public class ClientRegistrationTests {
 				.clientSecret(null)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate(REDIRECT_URI)
+				.redirectUri(REDIRECT_URI)
 				.scope(SCOPES.toArray(new String[0]))
 				.authorizationUri(AUTHORIZATION_URI)
 				.tokenUri(TOKEN_URI)
@@ -169,7 +169,7 @@ public class ClientRegistrationTests {
 				.clientId(CLIENT_ID)
 				.clientSecret(CLIENT_SECRET)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate(REDIRECT_URI)
+				.redirectUri(REDIRECT_URI)
 				.scope(SCOPES.toArray(new String[0]))
 				.authorizationUri(AUTHORIZATION_URI)
 				.tokenUri(TOKEN_URI)
@@ -186,7 +186,7 @@ public class ClientRegistrationTests {
 				.clientId(CLIENT_ID)
 				.clientSecret(null)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate(REDIRECT_URI)
+				.redirectUri(REDIRECT_URI)
 				.scope(SCOPES.toArray(new String[0]))
 				.authorizationUri(AUTHORIZATION_URI)
 				.tokenUri(TOKEN_URI)
@@ -203,7 +203,7 @@ public class ClientRegistrationTests {
 				.clientId(CLIENT_ID)
 				.clientSecret(" ")
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate(REDIRECT_URI)
+				.redirectUri(REDIRECT_URI)
 				.scope(SCOPES.toArray(new String[0]))
 				.authorizationUri(AUTHORIZATION_URI)
 				.tokenUri(TOKEN_URI)
@@ -222,7 +222,7 @@ public class ClientRegistrationTests {
 			.clientSecret(CLIENT_SECRET)
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate(null)
+			.redirectUri(null)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(AUTHORIZATION_URI)
 			.tokenUri(TOKEN_URI)
@@ -240,7 +240,7 @@ public class ClientRegistrationTests {
 			.clientSecret(CLIENT_SECRET)
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope((String[]) null)
 			.authorizationUri(AUTHORIZATION_URI)
 			.tokenUri(TOKEN_URI)
@@ -257,7 +257,7 @@ public class ClientRegistrationTests {
 			.clientSecret(CLIENT_SECRET)
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(null)
 			.tokenUri(TOKEN_URI)
@@ -274,7 +274,7 @@ public class ClientRegistrationTests {
 			.clientSecret(CLIENT_SECRET)
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(AUTHORIZATION_URI)
 			.tokenUri(null)
@@ -291,7 +291,7 @@ public class ClientRegistrationTests {
 				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate(REDIRECT_URI)
+				.redirectUri(REDIRECT_URI)
 				.scope(SCOPES.toArray(new String[0]))
 				.authorizationUri(AUTHORIZATION_URI)
 				.tokenUri(TOKEN_URI)
@@ -308,7 +308,7 @@ public class ClientRegistrationTests {
 			.clientSecret(CLIENT_SECRET)
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope("scope1")
 			.authorizationUri(AUTHORIZATION_URI)
 			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
@@ -325,7 +325,7 @@ public class ClientRegistrationTests {
 				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate(REDIRECT_URI)
+				.redirectUri(REDIRECT_URI)
 				.authorizationUri(AUTHORIZATION_URI)
 				.tokenUri(TOKEN_URI)
 				.clientName(CLIENT_NAME)
@@ -339,7 +339,7 @@ public class ClientRegistrationTests {
 				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate(REDIRECT_URI)
+				.redirectUri(REDIRECT_URI)
 				.scope(SCOPES.toArray(new String[0]))
 				.authorizationUri(AUTHORIZATION_URI)
 				.tokenUri(TOKEN_URI)
@@ -359,7 +359,7 @@ public class ClientRegistrationTests {
 				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate(REDIRECT_URI)
+				.redirectUri(REDIRECT_URI)
 				.scope(SCOPES.toArray(new String[0]))
 				.authorizationUri(AUTHORIZATION_URI)
 				.tokenUri(TOKEN_URI)
@@ -377,7 +377,7 @@ public class ClientRegistrationTests {
 		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
 			.clientId(CLIENT_ID)
 			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(AUTHORIZATION_URI)
 			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
@@ -387,7 +387,7 @@ public class ClientRegistrationTests {
 		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.IMPLICIT);
-		assertThat(registration.getRedirectUriTemplate()).isEqualTo(REDIRECT_URI);
+		assertThat(registration.getRedirectUri()).isEqualTo(REDIRECT_URI);
 		assertThat(registration.getScopes()).isEqualTo(SCOPES);
 		assertThat(registration.getProviderDetails().getAuthorizationUri()).isEqualTo(AUTHORIZATION_URI);
 		assertThat(registration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod()).isEqualTo(AuthenticationMethod.FORM);
@@ -399,7 +399,7 @@ public class ClientRegistrationTests {
 		ClientRegistration.withRegistrationId(null)
 			.clientId(CLIENT_ID)
 			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(AUTHORIZATION_URI)
 			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
@@ -412,7 +412,7 @@ public class ClientRegistrationTests {
 		ClientRegistration.withRegistrationId(REGISTRATION_ID)
 			.clientId(null)
 			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(AUTHORIZATION_URI)
 			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
@@ -425,7 +425,7 @@ public class ClientRegistrationTests {
 		ClientRegistration.withRegistrationId(REGISTRATION_ID)
 			.clientId(CLIENT_ID)
 			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUriTemplate(null)
+			.redirectUri(null)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(AUTHORIZATION_URI)
 			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
@@ -439,7 +439,7 @@ public class ClientRegistrationTests {
 		ClientRegistration.withRegistrationId(REGISTRATION_ID)
 			.clientId(CLIENT_ID)
 			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope((String[]) null)
 			.authorizationUri(AUTHORIZATION_URI)
 			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
@@ -452,7 +452,7 @@ public class ClientRegistrationTests {
 		ClientRegistration.withRegistrationId(REGISTRATION_ID)
 			.clientId(CLIENT_ID)
 			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUriTemplate(REDIRECT_URI)
+			.redirectUri(REDIRECT_URI)
 			.scope(SCOPES.toArray(new String[0]))
 			.authorizationUri(null)
 			.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
@@ -465,7 +465,7 @@ public class ClientRegistrationTests {
 		ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
 				.clientId(CLIENT_ID)
 				.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-				.redirectUriTemplate(REDIRECT_URI)
+				.redirectUri(REDIRECT_URI)
 				.scope(SCOPES.toArray(new String[0]))
 				.authorizationUri(AUTHORIZATION_URI)
 				.userInfoAuthenticationMethod(AuthenticationMethod.FORM)
@@ -482,7 +482,7 @@ public class ClientRegistrationTests {
 				.clientSecret(CLIENT_SECRET)
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate(REDIRECT_URI)
+				.redirectUri(REDIRECT_URI)
 				.scope(SCOPES.toArray(new String[0]))
 				.authorizationUri(AUTHORIZATION_URI)
 				.tokenUri(TOKEN_URI)
@@ -726,8 +726,8 @@ public class ClientRegistrationTests {
 				.isEqualTo(updated.getClientAuthenticationMethod());
 		assertThat(clientRegistration.getAuthorizationGrantType())
 				.isEqualTo(updated.getAuthorizationGrantType());
-		assertThat(clientRegistration.getRedirectUriTemplate())
-				.isEqualTo(updated.getRedirectUriTemplate());
+		assertThat(clientRegistration.getRedirectUri())
+				.isEqualTo(updated.getRedirectUri());
 		assertThat(clientRegistration.getScopes()).isEqualTo(updated.getScopes());
 
 		ClientRegistration.ProviderDetails providerDetails = clientRegistration.getProviderDetails();
@@ -780,7 +780,7 @@ public class ClientRegistrationTests {
 				.clientId(CLIENT_ID)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 				.clientAuthenticationMethod(clientAuthenticationMethod)
-				.redirectUriTemplate(REDIRECT_URI)
+				.redirectUri(REDIRECT_URI)
 				.authorizationUri(AUTHORIZATION_URI)
 				.tokenUri(TOKEN_URI)
 				.build();

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/TestClientRegistrations.java

@@ -26,7 +26,7 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 public class TestClientRegistrations {
 	public static ClientRegistration.Builder clientRegistration() {
 		return ClientRegistration.withRegistrationId("registration-id")
-			.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
+			.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 			.scope("read:user")
@@ -43,7 +43,7 @@ public class TestClientRegistrations {
 
 	public static ClientRegistration.Builder clientRegistration2() {
 		return ClientRegistration.withRegistrationId("registration-id-2")
-				.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
+				.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 				.scope("read:user")

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/OAuth2UserRequestTests.java

@@ -48,7 +48,7 @@ public class OAuth2UserRequestTests {
 				.clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate("https://client.com")
+				.redirectUri("https://client.com")
 				.scope(new LinkedHashSet<>(Arrays.asList("scope1", "scope2")))
 				.authorizationUri("https://provider.com/oauth2/authorization")
 				.tokenUri("https://provider.com/oauth2/token")

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolverTests.java

@@ -184,7 +184,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(
-				clientRegistration.getRedirectUriTemplate());
+				clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
 				"http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
@@ -198,7 +198,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setServletPath(requestUri);
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
-		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUriTemplate());
+		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
 				"http://localhost:8080/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
@@ -213,7 +213,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setServletPath(requestUri);
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
-		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUriTemplate());
+		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
 				"https://localhost:8081/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
@@ -228,7 +228,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setServletPath(requestUri);
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
-		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUriTemplate());
+		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
 				"http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
@@ -243,7 +243,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setServletPath(requestUri);
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
-		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUriTemplate());
+		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
 				"https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
@@ -258,7 +258,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 		request.setServletPath(requestUri);
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
-		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUriTemplate());
+		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
 				"https://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
@@ -274,7 +274,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 		OAuth2AuthorizationRequest authorizationRequest = this.resolver.resolve(request);
 		assertThat(authorizationRequest.getRedirectUri()).isNotEqualTo(
-				clientRegistration.getRedirectUriTemplate());
+				clientRegistration.getRedirectUri());
 		assertThat(authorizationRequest.getRedirectUri()).isEqualTo(
 				"http://localhost/login/oauth2/code/" + clientRegistration.getRegistrationId());
 	}
@@ -518,7 +518,7 @@ public class DefaultOAuth2AuthorizationRequestResolverTests {
 
 	private static ClientRegistration.Builder fineRedirectUriTemplateClientRegistration() {
 		return ClientRegistration.withRegistrationId("fine-redirect-uri-template-client-registration")
-				.redirectUriTemplate("{baseScheme}://{baseHost}{basePort}{basePath}/{action}/oauth2/code/{registrationId}")
+				.redirectUri("{baseScheme}://{baseHost}{basePort}{basePath}/{action}/oauth2/code/{registrationId}")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 				.scope("read:user")

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilterTests.java

@@ -65,7 +65,7 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
 		this.registration3 = TestClientRegistrations.clientRegistration()
 			.registrationId("registration-3")
 			.authorizationGrantType(AuthorizationGrantType.IMPLICIT)
-			.redirectUriTemplate("{baseUrl}/authorize/oauth2/implicit/{registrationId}")
+			.redirectUri("{baseUrl}/authorize/oauth2/implicit/{registrationId}")
 			.build();
 		this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(
 			this.registration1, this.registration2, this.registration3);

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilterTests.java

@@ -213,7 +213,7 @@ public class OAuth2LoginAuthenticationFilterTests {
 				.clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+				.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
 				.scope("user")
 				.authorizationUri("https://provider.com/oauth2/authorize")
 				.tokenUri("https://provider.com/oauth2/token")
@@ -455,7 +455,7 @@ public class OAuth2LoginAuthenticationFilterTests {
 		uriVariables.put("action", "login");
 		uriVariables.put("registrationId", clientRegistration.getRegistrationId());
 
-		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUriTemplate())
+		return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUri())
 				.buildAndExpand(uriVariables)
 				.toUriString();
 	}

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolverTests.java

@@ -94,7 +94,7 @@ public class OAuth2AuthorizedClientArgumentResolverTests {
 				.clientSecret("secret")
 				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+				.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
 				.scope("user")
 				.authorizationUri("https://provider.com/oauth2/authorize")
 				.tokenUri("https://provider.com/oauth2/token")

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest.java

@@ -57,7 +57,7 @@ public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverterTest {
 	private String clientRegistrationId = "github";
 
 	private ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(this.clientRegistrationId)
-			.redirectUriTemplate("{baseUrl}/{action}/oauth2/code/{registrationId}")
+			.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 			.scope("read:user")

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/authentication/OAuth2LoginAuthenticationWebFilterTests.java

@@ -97,11 +97,11 @@ public class OAuth2LoginAuthenticationWebFilterTests {
 				.state("state")
 				.clientId(clientRegistration.getClientId())
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
-				.redirectUri(clientRegistration.getRedirectUriTemplate())
+				.redirectUri(clientRegistration.getRedirectUri())
 				.scopes(clientRegistration.getScopes())
 				.build();
 		OAuth2AuthorizationResponse authorizationResponse = this.authorizationResponseBldr
-				.redirectUri(clientRegistration.getRedirectUriTemplate())
+				.redirectUri(clientRegistration.getRedirectUri())
 				.build();
 		OAuth2AuthorizationExchange authorizationExchange = new OAuth2AuthorizationExchange(authorizationRequest,
 				authorizationResponse);