Spring Authorization Server Metadata Endpoint not compatible

Question

Spring Authorization Server Metadata Endpoint not compatible

jsantana3c opened this issue 2 months ago · comments

jsantana3c commented 2 months ago

Describe the bug

Spring Authorization Server 1.3.0 metadata endpoint not compatible, it generates a "Null" Path, which prevents the serialization of jackson, preventing the creation of the openapi json.

To Reproduce
Steps to reproduce the behavior:

What version of spring-boot you are using? 3.3.0
What modules and versions of springdoc-openapi are you using? webmvc-ui-starter
What is the actual and the expected result using OpenAPI Description (yml or json)? json
Provide with a sample code (HelloController) or Test that reproduces the problem -> just add spring authorization server with defaults

Expected behavior

spring authorization server metadata endpoint default url
Screenshots
the matcher is a lambda, so that's probably the reason why the code doesn't work properly

so in the method
org.springdoc.core.configuration.SpringDocSecurityOAuth2Customizer#buildPath

no matching is being done, and the path ends up being null.

Additional context
spring is checking if it has multipleIssuers, so maybe you can guys customize the code and check if isMultipleIssuersAllowed directly and apply the default DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI, otherwise leave it with the /** by default?

senowang · Answer 1 · Fri Jun 07 2024 18:09:19 GMT+0800 (China Standard Time)

you just exclude @SpringBootApplication(exclude = {SpringDataWebAutoConfiguration.class}) and it will be fine

Alex Schade · Answer 2 · Wed Jun 12 2024 07:40:30 GMT+0800 (China Standard Time)

you just exclude @SpringBootApplication(exclude = {SpringDataWebAutoConfiguration.class}) and it will be fine

I'm having the same issue and this didn't fix the problem. From testing locally it looks like upgrading spring-security-oauth2-authorization-server to version 1.3.0 from 1.2.4 is when the issue started, so some change in the most recent version of that dependency started the issue.

If I had to guess it was this change that's causing the issue: spring-projects/spring-authorization-server@4cfe59c

senowang · Answer 3 · Wed Jun 12 2024 10:03:37 GMT+0800 (China Standard Time)

you just exclude @SpringBootApplication(exclude = {SpringDataWebAutoConfiguration.class}) and it will be fine你只需排除（exclude = {SpringDataWebAutoConfiguration.class}）就可以了

I'm having the same issue and this didn't fix the problem. From testing locally it looks like upgrading spring-security-oauth2-authorization-server to version 1.3.0 from 1.2.4 is when the issue started, so some change in the most recent version of that dependency started the issue.我遇到了同样的问题，但这并没有解决问题。从本地测试来看，升级 spring-security-oauth2-authorization-server 到版本似乎是问题开始时的版本 1.3.0 1.2.4 ，因此该依赖项的最新版本中的一些更改引发了问题。

If I had to guess it was this change that's causing the issue: spring-projects/spring-authorization-server@4cfe59c如果我不得不猜测是这个变化导致了这个问题：spring-projects/spring-authorization-server@ 4cfe59c

you can see this issues spring-projects/spring-data-commons#2937

Badr NASS LAHSEN · Answer 4 · Mon Jun 17 2024 04:29:43 GMT+0800 (China Standard Time)

@jsantana3c,

The check if isMultipleIssuersAllowed can be done only in spring-security context on the runtime of the http request.
I have added a fix so both endpoints are exposed by default.