Token exchange in Spring OAuth2 client credentials flow

  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: ${issuer-uri-of-identity}
      client:
        registration:
          some-app:
            client-id: ${qwerty.server.client.client-id}
            client-secret: ${qwerty.server.client.client-secret}
            scope: ${qwerty.server.client.some-app-scope}
            authorization-grant-type: client_credentials
            provider: qwerty

qwerty:
  server:
    max-clock-skew: 60
    url: ....
    scope: my-scope
    client:
      client-id: ...
      client-secret: ....
      some-app-scope: my-ticket-scope

  security:

    oauth2:

      resourceserver:

        jwt:

          issuer-uri: ${issuer-uri-of-identity}

      client:

        registration:

          some-app:

            client-id: ${qwerty.server.client.client-id}

            client-secret: ${qwerty.server.client.client-secret}

            scope: ${qwerty.server.client.some-app-scope}

            authorization-grant-type: client_credentials

            provider: qwerty

​

qwerty:

  server:

    max-clock-skew: 60

    url: ....

    scope: my-scope

    client:

      client-id: ...

      client-secret: ....

      some-app-scope: my-ticket-scope

​

    private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(
            "anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
    ...
    @Bean("someAppRestTemplate")
    @Autowired
    public RestTemplate buildRestTemplateForSomeApp(RestTemplateBuilder builder) {
        return builder
                .messageConverters(converter)
                .additionalInterceptors(Arrays.asList(contentTypeInterceptor(), oauthInterceptor("some-app")))
                .build();
    }
   ...
   private ClientHttpRequestInterceptor oauthInterceptor(String id) {
        return (r, b, e) -> {
            OAuth2AuthorizedClient client = manager.authorize(
                    OAuth2AuthorizeRequest
                            .withClientRegistrationId(id)
                            .principal(ANONYMOUS_AUTHENTICATION)
                            .build()
            );
            Assert.notNull(client, "Can not access File Storage Service");
            r.getHeaders().setBearerAuth(client.getAccessToken().getTokenValue());
            return e.execute(r, b);
        };
    }

    private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(

            "anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));

    ...

    @Bean("someAppRestTemplate")

    @Autowired

    public RestTemplate buildRestTemplateForSomeApp(RestTemplateBuilder builder) {

        return builder

                .messageConverters(converter)

                .additionalInterceptors(Arrays.asList(contentTypeInterceptor(), oauthInterceptor("some-app")))

                .build();

    }

   ...

   private ClientHttpRequestInterceptor oauthInterceptor(String id) {

        return (r, b, e) -> {

            OAuth2AuthorizedClient client = manager.authorize(

                    OAuth2AuthorizeRequest

                            .withClientRegistrationId(id)

                            .principal(ANONYMOUS_AUTHENTICATION)

                            .build()

            );

            Assert.notNull(client, "Can not access File Storage Service");

            r.getHeaders().setBearerAuth(client.getAccessToken().getTokenValue());

            return e.execute(r, b);

        };

    }

​