Description
Describe the bug
Normally, when oauth2-login is configured, it is possible to inject @AuthenticationPrincipal and @RegisteredOAuth2AuthorizedClient into controller methods. The former always works; the latter works only with Java configuration. With an XML configuration like this:
<sec:http pattern="/my-api/**" use-expressions="true" auto-config="false">
    <sec:csrf disabled="true"/>
    <sec:intercept-url pattern="/my-api/**" access="authenticated"/>
    <sec:oauth2-login access-token-response-client-ref="accessTokenResponseClient"/>
</sec:http>
...
<sec:client-registrations>
    <sec:client-registration registration-id="myId" ... />
    <sec:provider provider-id="myProvider" .../>
</sec:client-registrations>
And controller code like this:
public Map<String, Object> getStuff(
        @AuthenticationPrincipal Principal principal,
        @RegisteredOAuth2AuthorizedClient(registrationId = "myId") OAuth2AuthorizedClient client) {
    ...
}
I am getting the following stack trace:
| Caused by: java.lang.IllegalStateException: No primary or default constructor found for class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
| at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.createAttribute(ModelAttributeMethodProcessor.java:219)
| at org.springframework.web.servlet.mvc.method.annotation.ServletModelAttributeMethodProcessor.createAttribute(ServletModelAttributeMethodProcessor.java:85)
...
Caused by: java.lang.NoSuchMethodException: org.springframework.security.oauth2.client.OAuth2AuthorizedClient.<init>()
| at java.lang.Class.getConstructor0(Class.java:3082)
With the equivalent configuration in Java it works. There might be a problem with the client registrations being an inner bean and somehow not getting managed properly in the OAuth2AuthorizedClientRepository.