
OAuth2ClientPropertiesRegistrationAdapter ignores userNameAttribute #11215

@tibberg


OAuth2ClientPropertiesRegistrationAdapter doesn't set the Provider's userNameAttribute

summary

I want to set up a custom OAuth2 provider using configuration only.

  • spring boot 2.0.0.M7
  • spring-security: 5.0.0.RELEASE

what I did

I have the following stanza in application.yml:

  security:
    oauth2:
      client:
        registration:
          custom:
            client-name: Custom
            client-id: <id>
            client-secret: <secret>
            authorization-grant-type: authorization_code
            redirect-uri-template: "{baseUrl}/login/oauth2/code/{registrationId}"
            scope: user
        provider:
          custom:
            authorization-uri: http://localhost:9999/uaa/oauth/authorize
            token-uri: http://localhost:9999/uaa/oauth/token
            user-info-uri: http://localhost:9999/uaa/user
            user-name-attribute: name

The /uaa/user endpoint is a simple implementation (using the 1.5 spring-boot @EnableAuthorizationServer):

    @RequestMapping("/user")
    @ResponseBody
    public Principal user(Principal user) {
        return user;
    }

After successful login, I am redirected back to my application, but there I get the following error:

    Reason: [missing_user_name_attribute] Missing required "user name" attribute name in UserInfoEndpoint for Client Registration: custom

suggestion

I think that the OAuth2ClientPropertiesRegistrationAdapter's private static Builder getBuilder(Builder builder, Provider provider) method should include the following line:

    copyIfNotNull(provider::getUserNameAttribute, builder::userNameAttributeName);
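The following is an added illustration, not part of the original issue and not Spring Boot's or Spring Security's code. It models the property-to-builder mapping with simplified stand-in classes (`Provider`, `Builder`, `check` and the `copyUserNameAttribute` flag are hypothetical) to show how a configured `user-name-attribute` never reaches the registration unless it is copied, which produces the reported error code.

```java
import java.util.function.Consumer;
import java.util.function.Supplier;

// Simplified stand-ins for illustration; not the real Spring classes.
public class UserNameAttributeMappingDemo {

    /** Stand-in for the bound "provider" properties from application.yml. */
    static class Provider {
        String getUserInfoUri() { return "http://localhost:9999/uaa/user"; }
        String getUserNameAttribute() { return "name"; }
    }

    /** Stand-in for the client registration builder. */
    static class Builder {
        String userInfoUri;
        String userNameAttributeName;
        Builder userInfoUri(String v) { this.userInfoUri = v; return this; }
        Builder userNameAttributeName(String v) { this.userNameAttributeName = v; return this; }
    }

    /** Copies a property to the builder only when it was configured. */
    static <T> void copyIfNotNull(Supplier<T> supplier, Consumer<T> consumer) {
        T value = supplier.get();
        if (value != null) {
            consumer.accept(value);
        }
    }

    /** copyUserNameAttribute=false models the reported behaviour, true the suggested line. */
    static Builder getBuilder(Builder builder, Provider provider, boolean copyUserNameAttribute) {
        copyIfNotNull(provider::getUserInfoUri, builder::userInfoUri);
        if (copyUserNameAttribute) {
            copyIfNotNull(provider::getUserNameAttribute, builder::userNameAttributeName);
        }
        return builder;
    }

    /** Assumed model of the check behind the error: a user-info URI needs a user name attribute. */
    static String check(Builder b) {
        boolean missing = b.userInfoUri != null && b.userNameAttributeName == null;
        return missing ? "missing_user_name_attribute" : "ok";
    }

    public static void main(String[] args) {
        Provider provider = new Provider();
        System.out.println("without the copy: " + check(getBuilder(new Builder(), provider, false)));
        System.out.println("with the copy:    " + check(getBuilder(new Builder(), provider, true)));
    }
}
```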
