Skip to content

DefaultReactiveOAuth2AuthorizedClientManager.saveAuthorizedClient does not save authorized client #7546

New issue
New issue
Closed
Closed
DefaultReactiveOAuth2AuthorizedClientManager.saveAuthorizedClient does not save authorized client#7546
Assignees
jgrandja
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: bugA general bug
Milestone
5.2.1
@philsttr

Description

@philsttr
philsttr
opened on Oct 18, 2019

Summary

DefaultReactiveOAuth2AuthorizedClientManager.saveAuthorizedClient never actually saves the authorized client, because it ignores the Mono<Void> returned from authorizedClientRepository.saveAuthorizedClient

Actual Behavior

DefaultReactiveOAuth2AuthorizedClientManager.saveAuthorizedClient does not save the authorized client.

spring-security/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.java

Lines 108 to 111 in 6ad328f

.map(exchange -> {
this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, principal, exchange);
return authorizedClient;
})

this.authorizedClientRepository.saveAuthorizedClient returns a Mono<Void>, which is ignored, and never included in the stream, and therefore never subscribed.

Expected Behavior

DefaultReactiveOAuth2AuthorizedClientManager.saveAuthorizedClient saves the authorized client.

Perhaps:

	.flatMap(exchange -> 
		this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, principal, exchange)
			.thenReturn(authorizedClient))

Configuration

n/a

Version

Spring Boot 2.2.0.RELEASE
Spring Security 5.2.0.RELEASE

Sample

n/a

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions