OAuth2 Client

Spring Security’s OAuth Support allows obtaining an access token without authenticating. A basic configuration with Spring Boot can be seen below:

spring:
  security:
    oauth2:
      client:
        registration:
          github:
            client-id: replace-with-client-id
            client-secret: replace-with-client-secret
            scope: read:user,public_repo

You will need to replace the client-id and client-secret with values registered with GitHub.

The next step is to instruct Spring Security that you wish to act as an OAuth2 Client so that you can obtain an access token.

Example 1. OAuth2 Client

Java

@Bean
SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {
	http
		// ...
		.oauth2Client(withDefaults());
	return http.build();
}

Kotlin

@Bean
fun webFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
    return http {
        // ...
        oauth2Client { }
    }
}

You can now leverage Spring Security’s [webclient] or @RegisteredOAuth2AuthorizedClient support to obtain and use the access token.