|
|
@@ -0,0 +1,34 @@
|
|
|
+= Access Token
|
|
|
+
|
|
|
+Spring Security's OAuth Support allows obtaining an access token without authenticating.
|
|
|
+A basic configuration with Spring Boot can be seen below:
|
|
|
+
|
|
|
+[source,yml]
|
|
|
+----
|
|
|
+spring:
|
|
|
+ security:
|
|
|
+ oauth2:
|
|
|
+ client:
|
|
|
+ registration:
|
|
|
+ github:
|
|
|
+ client-id: replace-with-client-id
|
|
|
+ client-secret: replace-with-client-secret
|
|
|
+ scopes: read:user,public_repo
|
|
|
+----
|
|
|
+
|
|
|
+You will need to replace the `client-id` and `client-secret` with values registered with GitHub.
|
|
|
+
|
|
|
+The next step is to instruct Spring Security that you wish to act as an OAuth2 Client so that you can obtain an access token.
|
|
|
+
|
|
|
+[source,java]
|
|
|
+----
|
|
|
+@Bean
|
|
|
+SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {
|
|
|
+ http
|
|
|
+ // ...
|
|
|
+ .oauth2Client();
|
|
|
+ return http.build();
|
|
|
+}
|
|
|
+----
|
|
|
+
|
|
|
+You can now leverage Spring Security's <<webclient>> support to obtain and use the access token.
|
Rob Winch