Fix OAuth2 provider discovery to use Spring's ClientRegistration dynamically #541

Merged
scion merged 4 commits from fix-oauth2-dynamic-providers into master 2026-06-18 00:09:33 -07:00
Owner

OAuth2Properties hard-coded 'github' as the only provider, making it
impossible to configure additional OAuth2 providers via Spring config.

Replace with injection of List, which Spring Boot
automatically populates from spring.security.oauth2.client.registration.*
properties. Now adding a new registration (e.g. Google, GitLab) in
application.yaml automatically creates a login button for it on the
front page.

  • Delete OAuth2Properties class entirely
  • WebController now depends on List instead
  • Update tests to create minimal ClientRegistration instances
OAuth2Properties hard-coded 'github' as the only provider, making it impossible to configure additional OAuth2 providers via Spring config. Replace with injection of List<ClientRegistration>, which Spring Boot automatically populates from spring.security.oauth2.client.registration.* properties. Now adding a new registration (e.g. Google, GitLab) in application.yaml automatically creates a login button for it on the front page. - Delete OAuth2Properties class entirely - WebController now depends on List<ClientRegistration> instead - Update tests to create minimal ClientRegistration instances
Fix OAuth2 provider discovery to use Spring's ClientRegistration dynamically
Some checks failed
CI Build & Test / build-and-test (pull_request) Has been cancelled
1a5c12ad8a
OAuth2Properties hard-coded 'github' as the only provider, making it
impossible to configure additional OAuth2 providers via Spring config.

Replace with injection of List<ClientRegistration>, which Spring Boot
automatically populates from spring.security.oauth2.client.registration.*
properties. Now adding a new registration (e.g. Google, GitLab) in
application.yaml automatically creates a login button for it on the
front page.

- Delete OAuth2Properties class entirely
- WebController now depends on List<ClientRegistration> instead
- Update tests to create minimal ClientRegistration instances
scion force-pushed fix-oauth2-dynamic-providers from 1a5c12ad8a
Some checks failed
CI Build & Test / build-and-test (pull_request) Has been cancelled
to 08f4e0c98d
All checks were successful
CI Build & Test / build-and-test (pull_request) Successful in 4m31s
2026-06-15 21:47:42 -07:00
Compare
fix authentik timeout
All checks were successful
CI Build & Test / build-and-test (pull_request) Successful in 4m38s
48d5a8483b
Normalize OAuth2/OIDC authorities to ROLE_AUTHENTICATED in templates
All checks were successful
CI Build & Test / build-and-test (pull_request) Successful in 4m32s
6b4a2b1da0
Spring Security uses OAUTH2_USER for plain OAuth 2.0 providers (e.g. GitHub) and
OIDC_USER for OpenID Connect providers (e.g. Authentik). Instead of hardcoding
OAUTH2_USER checks in FreeMarker templates, add a GrantedAuthoritiesMapper that
adds ROLE_AUTHENTICATED for both cases, making authentication provider-agnostic.
recognize OAUTH2 and OIDC authorities
All checks were successful
CI Build & Test / build-and-test (pull_request) Successful in 4m34s
9e77114ee9
scion self-assigned this 2026-06-17 23:11:22 -07:00
scion merged commit bd6b7c9ba3 into master 2026-06-18 00:09:33 -07:00
scion deleted branch fix-oauth2-dynamic-providers 2026-06-18 00:09:33 -07:00
Sign in to join this conversation.
No description provided.