Skip to content

Support @ClientRegistrationId at Class Level #17838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 12, 2025
Merged

Support @ClientRegistrationId at Class Level #17838

merged 3 commits into from
Sep 12, 2025
+197 −9

Conversation

bbudano
Copy link
Contributor

@bbudano bbudano commented Sep 3, 2025

If @ClientRegistrationId is not found on a method, the declaring class will be checked instead.

Closes gh-17806

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 3, 2025
@Inder782 Inder782 mentioned this pull request Sep 4, 2025
Open
@Inder782
Copy link

Inder782 commented Sep 4, 2025

Sorry for the confusion! I accidentally referenced the wrong issue above. This PR is not related to that issue.

rwinch
rwinch previously requested changes Sep 4, 2025
View reviewed changes
Copy link
Member

@rwinch rwinch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the pull request @bbudano! I've provided feedback inline.

In addition, please update the documentation at docs/modules/ROOT/pages/whats-new.adoc and docs/modules/ROOT/pages/features/integrations/rest/http-interface.adoc to account for the new feature.

...ava/org/springframework/security/oauth2/client/web/client/ClientRegistrationIdProcessor.java Outdated
@@ -37,17 +38,20 @@ public final class ClientRegistrationIdProcessor implements HttpRequestValues.Pr

public static ClientRegistrationIdProcessor DEFAULT_INSTANCE = new ClientRegistrationIdProcessor();

private ClientRegistrationIdProcessor() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't make changes that are unrelated to the PR

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change occurred while formatting and wasn't intentional , I will revert it.

...rg/springframework/security/oauth2/client/web/client/ClientRegistrationIdProcessorTests.java Outdated
}

@Test
void processWhenNoClientRegistrationIdPresentThenNull() {
HttpRequestValues.Builder builder = HttpRequestValues.builder();
Method hasClientRegistrationId = ReflectionUtils.findMethod(RestService.class, "noClientRegistrationId");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While these changes are valuable, please stick to the changes related to this ticket. This helps us to track issues and ensure that, when applicable (e.g. a bug fix that is applicable to older supported branches), we can easily selectively apply changes to other branches.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will revert these changes.

...rg/springframework/security/oauth2/client/web/client/ClientRegistrationIdProcessorTests.java Outdated
@interface MetaClientRegistrationId {

}

@ClientRegistrationId(REGISTRATION_ID)
interface AnnotatedRestService {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
interface AnnotatedRestService {
interface TypeAnnotatedRestService {

This is more clear since all of the interfaces are annotated.

...ava/org/springframework/security/oauth2/client/web/client/ClientRegistrationIdProcessor.java
@@ -37,17 +38,20 @@ public final class ClientRegistrationIdProcessor implements HttpRequestValues.Pr

public static ClientRegistrationIdProcessor DEFAULT_INSTANCE = new ClientRegistrationIdProcessor();

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
private SecurityAnnotationScanner<ClientRegistrationId> scanner = SecurityAnnotationScanners.requireUnique(ClientRegistrationId.class);

Use a SecurityAnnotationScanner<ClientRegistrationId> instead. This will automatically follow the same logic as we do for method security. It ensures that we do not get duplicate annotations which might provide conflicting information and thus use the wrong registration id.

...ava/org/springframework/security/oauth2/client/web/client/ClientRegistrationIdProcessor.java Outdated
Comment on lines 47 to 48
ClientRegistrationId registeredId = Optional
.ofNullable(AnnotationUtils.findAnnotation(method, ClientRegistrationId.class))
.orElseGet(() -> AnnotationUtils.findAnnotation(method.getDeclaringClass(), ClientRegistrationId.class));

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
ClientRegistrationId registeredId = Optional
.ofNullable(AnnotationUtils.findAnnotation(method, ClientRegistrationId.class))
.orElseGet(() -> AnnotationUtils.findAnnotation(method.getDeclaringClass(), ClientRegistrationId.class));
ClientRegistrationId registeredId = this.scanner.scan(method, method.getDeclaringClass());

...rg/springframework/security/oauth2/client/web/client/ClientRegistrationIdProcessorTests.java
@@ -39,6 +39,8 @@
*/
class ClientRegistrationIdProcessorTests {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add tests that verify failure in the event that there are duplicate annotations. This should be handled by the SecurityAnnotationScanners.requireUnique. An example would be AggregateService.toTest() should fail due to duplicate annotations at the same level.

@ClientRegistrationId("a")
interface AService {}

@ClientRegistrationId("b")
interface BService {}

interface AggregateService extends AService, BService {
	void toTest();
}

@rwinch rwinch self-assigned this Sep 4, 2025
@rwinch rwinch added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement status: waiting-for-feedback We need additional information before we can continue and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 4, 2025
@rwinch rwinch enabled auto-merge (rebase) September 12, 2025 20:06
@rwinch
Copy link
Member

rwinch commented Sep 12, 2025

Thanks for the PR! I pushed an example of using @ClientRegistrationId at the type level. Once the build passes, this will automatically be merged into main

@rwinch rwinch added this to the 7.0.0-M3 milestone Sep 12, 2025
@bbudano
Copy link
Contributor Author

bbudano commented Sep 12, 2025

@rwinch Cool, thanks for the opportunity!

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Sep 12, 2025
@rwinch rwinch dismissed their stale review September 12, 2025 21:06

Thanks for the changes!

@rwinch rwinch merged commit a0fe04c into spring-projects:main Sep 12, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rwinch rwinch rwinch left review comments

Assignees

@rwinch rwinch

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: feedback-provided Feedback has been provided type: enhancement A general enhancement
Projects
None yet
Milestone
7.0.0-M3
Development

Successfully merging this pull request may close these issues.

Support @ClientRegistrationId at Class Level
4 participants
@bbudano @Inder782 @rwinch @spring-projects-issues