I followed the Spring Security 5.0 official reference documentation and sample codes oauth2login to setup OAuth2/OIDC authentication in my project, but it failed and I got the following exception when I booted up my application by mvn spring-boot:run.
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientRegistrationRepository'
defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientRegistrationRepositoryConfiguration.class]:
Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException:
Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]:
Factory method 'clientRegistrationRepository' threw exception;
nested exception is java.lang.IllegalArgumentException: authorizationGrantType cannot be null
I was using the default configuration provided by Spring Boot, and just added some basic dependencies into projects, such as spring-security-config, spring-security-oauth2-client, spring-security-oauth2-jsoe etc.
Updated:
I'v found the reason, for custom OAuth2 providers, such as Gitlab, I have to add grant type, redirectUritemplate, scope, clientName etc, but OpenID Connect specification has a configuration endpoint protocol, eg: https://gitlab.com/.well-known/openid-configuration , is there possible to make Spring Security to read these info automatically?
To elaborate on OP's update above, the properties you need to include in your application.yaml to resolve the original error are as shown below, in this case for Azure AD (note this ONLY works with Spring Security 5, NOT Spring Security OAuth2 2.x whose functionality is being merged directly into Spring Security 5):
spring:
security:
oauth2:
client:
registration:
microsoft:
client-id: a935ba7b-6aa4-4b0c-9e84-04f9acaa477b
client-secret: redacted
authorization-grant-type: authorization_code
redirect-uri-template: '{baseUrl}/login/oauth2/code/{registrationId}'
scope: User.Read
client-name: Microsoft
client-alias: microsoft
provider:
microsoft:
authorization-uri: https://login.microsoftonline.com/common/oauth2/authorize?resource=https://graph.microsoft.com/
token-uri: https://login.microsoftonline.com/common/oauth2/token
user-info-uri: https://graph.microsoft.com/v1.0/me
user-name-attribute: sub
jwk-set-uri: https://login.microsoftonline.com/common/discovery/keys
来源:https://stackoverflow.com/questions/49315552/authorizationgranttype-cannot-be-null-in-spring-security-5-oauth-client-and-spri