ServletOAuth2AuthorizedClientExchangeFilterFunction Does Not Work For Chained Reactive Methods #6483

@rwinch

Summary

The defaults for ServletOAuth2AuthorizedClientExchangeFilterFunction are performed on the main thread so that ThreadLocals like SecurityContextHolder and RequestContextHolder can be accessed. The problem is that when chaining occurs, the thread has also changed. This means these defaults cannot be accessed.

An example would be something like this:

```kotlin
override fun getPermissionForDefaultLogin(repositoryRef: RepositoryRef): Mono<Permission> {
    return defaultGitHubLogin()
            // getPermissionForLogin is deferred to another thread which means defaults cannot be found on the ThreadLocal objects
            .flatMap { login -> getPermissionForLogin(repositoryRef, login) }
}

private fun getPermissionForLogin(repositoryRef: RepositoryRef, login: String): Mono<Permission> {
    return webClient.get()
            .uri("$baseGitHubUrl/repos/${repositoryRef.fullName}/collaborators/$login/permission")
            .attributes(clientRegistrationId("github"))
            .retrieve()
            .bodyToMono<Map<String,Object>>()
            .map { body -> body.get("permission")?.toString()!! }
            .map { p -> Permission(login, p) }
}

private fun defaultGitHubLogin(): Mono<String> {
    return webClient.get()
            .uri("$baseGitHubUrl/user")
            .retrieve()
            .bodyToMono<Map<String,Object>>()
            // !! keeps the declared Mono<String> return type, matching getPermissionForLogin
            .map { body -> body.get("login")?.toString()!! }
}
```

We should find a way to ensure that the defaults are propagated to chained methods (likely using Reactor's context).

Labels

- in: oauth2: An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
- in: web: An issue in web modules (web, webmvc)
- type: bug: A general bug
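The thread switch described in this issue, reproduced as an added example (not code from the issue or from Spring Security): a value held in a `ThreadLocal` is invisible to a chained step that runs on a worker thread, while the same value attached to the Reactor `Context` is still readable there. It assumes Reactor 3.4 or later; `currentUser`, `USER_KEY`, `firstCall` and the sample values are hypothetical stand-ins for `SecurityContextHolder` and the `WebClient` calls.

```kotlin
import reactor.core.publisher.Mono
import reactor.core.scheduler.Schedulers
import reactor.util.context.Context

// Hypothetical stand-in for SecurityContextHolder: state bound to the calling thread.
val currentUser = ThreadLocal<String>()

// Hypothetical Context key used only in this example.
const val USER_KEY = "example.currentUser"

// Stand-in for the first WebClient call: the result is emitted on a worker thread.
fun firstCall(): Mono<String> =
    Mono.fromCallable { "octocat" }            // constructed sample value
        .subscribeOn(Schedulers.boundedElastic())

// Chained step that reads the ThreadLocal. The flatMap lambda runs on the
// worker thread that emitted the login, so the value set by the caller is absent.
fun chainedViaThreadLocal(): Mono<String> =
    firstCall().flatMap { login ->
        Mono.fromCallable { "$login as ${currentUser.get() ?: "<no user>"}" }
    }

// Chained step that reads the Reactor Context instead. The Context belongs to
// the subscription, not to a thread, so it is visible wherever the step runs.
fun chainedViaContext(): Mono<String> =
    firstCall().flatMap { login ->
        Mono.deferContextual { ctx ->
            Mono.just("$login as ${ctx.getOrDefault(USER_KEY, "<no user>")}")
        }
    }

fun main() {
    currentUser.set("alice")                   // set on the calling (request) thread

    // The chained step cannot see the caller's ThreadLocal.
    println(chainedViaThreadLocal().block())

    // Read the ThreadLocal once on the calling thread and attach it to the subscription.
    val captured = currentUser.get()
    println(chainedViaContext().contextWrite(Context.of(USER_KEY, captured)).block())

    currentUser.remove()
}
```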