Reputation: 131
Alternative for OAuth2FeignRequestInterceptor that depends on a deprecated class
Disclaimer: I honestly tried to google/github this, scanned through the OAuth2 migration guide, but couldn't find an answer to this, so here we go.
org.springframework.cloud.security.oauth2.client.feign.OAuth2FeignRequestInterceptor from spring-cloud-security project acquires OAuth2 token and sets it to a Feign's RequestTemplate transparently to a client's invoker.
However, it relies on a deprecated OAuth2ClientContext class, which refers to an aforementioned migration guide, which still says that
For other flows, an OAuth2ClientContext instance needs to be constructed and exposed.
So would be great to know several things:
1. Is it really deprecated, or it's just that its usage should change (at least in certain cases)?
2. If former - what's the correct alternative?
3. Are there any plans to migrate OAuth2FeignRequestInterceptor from using the deprecated classes?
Upvotes: 13
Views: 2629
Answers (1)
Reputation: 4038
The classes OAuth2FeignRequestInterceptor and OAuth2ClientContext has changed in the latest versions. It's changed to @Deprecated now. It already has an open issue linked to it. Lets understand it one by one.
OAuth2FeignRequestInterceptor : Previously it used to be a part of spring-cloud-security. You can now find it in the below link
spring-cloud/spring-cloud-openfeign
Exact class is in this link OAuth2FeignRequestInterceptor.java. This project is still a work in progress.OAuth2ClientContext : If we look carefully in the javadoc present in the class it says:
@deprecated See the OAuth 2.0 Migration Guide for Spring Security 5. The migration Guide mentioned in the link states that
This document contains guidance for moving OAuth 2.0 Clients and Resource Servers from Spring Security OAuth 2.x to Spring Security 5.2.x. Since Spring Security doesn’t provide Authorization Server support, migrating a Spring Security OAuth Authorization Server is out of scope for this document.
The latest changes are present in spring-security. In spring-security 5.3.x information related to OAuth2 client can be found in the this link . OAuth2AuthorizedClient.java
You will get more details if you refer to the information provided in the Migration Guide.In future it will be a part of Spring Authorization Server.
Github : spring-authorization-server which under development. A lot of OAuth2 related stuff is present. e.g. OAuth2Authorization.java which will used to getAccessToken, RefreshToken etc.
Some more information from Stackoverflow about the alternatives which might help. this
Upvotes: 2
Related Questions
- What is the replacement for the deprecated AuthorizationServer in Spring Security?
- Replacement for UnAuthenticatedServerOAuth2AuthorizedClientRepository
- What is the replacement for deprecated BasicAuthorizationInterceptor?
- Deprecate spring-security-oauth as a client
- Alternative For OAuth2FeignRequestInterceptor as it is deprecated NOW
- OAuth2FeignRequestInterceptor class deprecated in Spring Boot 2.3
- AuthorizationServerConfigurerAdapter is deprecated
- OAuth2 | ClientCredentialsResourceDetails | deprecated
- Upgrading Spring Security OAuth2
- spring-security-oauth2 alternatives