spring-projects
diff --git a/‎spring-boot-autoconfigure/pom.xml
+5 b/‎spring-boot-autoconfigure/pom.xml
+5
diff --git a/‎spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientPropertyDefaultsEnvironmentPostProcessor.java
+71 b/‎spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientPropertyDefaultsEnvironmentPostProcessor.java
+71
diff --git a/‎spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientAutoConfiguration.java
+182 b/‎spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientAutoConfiguration.java
+182
diff --git a/‎spring-boot-autoconfigure/src/main/resources/META-INF/spring-security-oauth2-client-defaults.properties
+43 b/‎spring-boot-autoconfigure/src/main/resources/META-INF/spring-security-oauth2-client-defaults.properties
+43
diff --git a/‎spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories
+5 b/‎spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories
+5
@@ -516,6 +516,11 @@
 			<artifactId>spring-security-data</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-client</artifactId>
+			<optional>true</optional>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.security.oauth</groupId>
 			<artifactId>spring-security-oauth2</artifactId>
 
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.security.oauth2.client;
+
+import java.io.IOException;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.env.EnvironmentPostProcessor;
+import org.springframework.core.Ordered;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.io.DefaultResourceLoader;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.core.io.support.ResourcePropertySource;
+
+/**
+ * An {@link EnvironmentPostProcessor} that registers a <code>PropertySource</code> against the
+ * <code>Environment</code>, which contains a default set of client properties.
+ *
+ * @author Joe Grandja
+ * @since 2.0.0
+ */
+public class ClientPropertyDefaultsEnvironmentPostProcessor implements EnvironmentPostProcessor, Ordered {
+
+	public static final int DEFAULT_ORDER = Ordered.LOWEST_PRECEDENCE;
+
+	static final String CLIENT_DEFAULTS_RESOURCE = "META-INF/spring-security-oauth2-client-defaults.properties";
+
+	private final ResourceLoader resourceLoader = new DefaultResourceLoader();
+
+	private int order = DEFAULT_ORDER;
+
+	@Override
+	public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
+		if (this.isClientsConfigured(environment)) {
+			try {
+				environment.getPropertySources().addLast(
+						new ResourcePropertySource(this.resourceLoader.getResource(CLIENT_DEFAULTS_RESOURCE)));
+			}
+			catch (IOException ex) {
+				throw new IllegalStateException("Failed to load class path resource: " + CLIENT_DEFAULTS_RESOURCE, ex);
+			}
+		}
+	}
+
+	@Override
+	public int getOrder() {
+		return this.order;
+	}
+
+	public void setOrder(int order) {
+		this.order = order;
+	}
+
+	private boolean isClientsConfigured(ConfigurableEnvironment environment) {
+		return !OAuth2ClientAutoConfiguration.getClientKeys(environment).isEmpty();
+	}
+}
@@ -0,0 +1,182 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.security.oauth2.client;
+
+import java.net.URI;
+import java.util.AbstractMap;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.springframework.boot.autoconfigure.AutoConfigureBefore;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionMessage;
+import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
+import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
+import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
+import org.springframework.boot.context.properties.bind.Bindable;
+import org.springframework.boot.context.properties.bind.Binder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.ConfigurationCondition;
+import org.springframework.core.annotation.Order;
+import org.springframework.core.env.Environment;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationProperties;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+
+/**
+ * {@link EnableAutoConfiguration Auto-configuration} for Spring Security OAuth 2.0 / OpenID Connect 1.0 client support.
+ *
+ * @author Joe Grandja
+ * @since 2.0.0
+ */
+@Configuration
+@ConditionalOnWebApplication(type = Type.SERVLET)
+@ConditionalOnClass({EnableWebSecurity.class, ClientRegistration.class})
+@AutoConfigureBefore(SecurityAutoConfiguration.class)
+public class OAuth2ClientAutoConfiguration {
+
+	private static final String CLIENT_PROPERTY_PREFIX = "security.oauth2.client";
+
+	private static final String CLIENT_ID_PROPERTY = "client-id";
+
+	private static final String USER_INFO_URI_PROPERTY = "user-info-uri";
+
+	private static final String USER_NAME_ATTR_NAME_PROPERTY = "user-name-attribute-name";
+
+	static Set<String> getClientKeys(Environment environment) {
+		return getClientPropertiesByClient(environment).keySet();
+	}
+
+	static Map<String, Map> getClientPropertiesByClient(Environment environment) {
+		Map<String, Object> clientPropertiesByClient = Binder.get(environment)
+				.bind(CLIENT_PROPERTY_PREFIX, Bindable.mapOf(String.class, Object.class))
+				.orElse(new HashMap<>());
+
+		// Filter out clients that don't have the client-id property set
+		return clientPropertiesByClient.entrySet().stream()
+				.map(e -> new AbstractMap.SimpleImmutableEntry<>(e.getKey(), (Map) e.getValue()))
+				.filter(e -> e.getValue().containsKey(CLIENT_ID_PROPERTY))
+				.collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
+	}
+
+	@Order(1)
+	@Configuration
+	@Conditional(ClientsConfiguredCondition.class)
+	@ConditionalOnMissingBean(ClientRegistrationRepository.class)
+	protected static class ClientRegistrationRepositoryConfiguration {
+		private final Environment environment;
+
+		protected ClientRegistrationRepositoryConfiguration(Environment environment) {
+			this.environment = environment;
+		}
+
+		@Bean
+		public ClientRegistrationRepository clientRegistrationRepository() {
+			List<ClientRegistration> clientRegistrations = new ArrayList<>();
+
+			Binder binder = Binder.get(this.environment);
+			getClientKeys(this.environment).forEach(clientKey -> {
+				String fullClientKey = CLIENT_PROPERTY_PREFIX + "." + clientKey;
+				ClientRegistrationProperties clientRegistrationProperties = binder.bind(
+						fullClientKey, Bindable.of(ClientRegistrationProperties.class)).get();
+				clientRegistrations.add(new ClientRegistration.Builder(clientRegistrationProperties).build());
+			});
+
+			return new InMemoryClientRegistrationRepository(clientRegistrations);
+		}
+	}
+
+	@Order(2)
+	@ConditionalOnMissingBean(WebSecurityConfiguration.class)
+	@ConditionalOnBean(ClientRegistrationRepository.class)
+	@EnableWebSecurity
+	protected static class OAuth2LoginConfiguration extends WebSecurityConfigurerAdapter {
+		private final Environment environment;
+		private final ClientRegistrationRepository clientRegistrationRepository;
+
+		protected OAuth2LoginConfiguration(Environment environment, ClientRegistrationRepository clientRegistrationRepository) {
+			this.environment = environment;
+			this.clientRegistrationRepository = clientRegistrationRepository;
+		}
+
+		// @formatter:off
+		@Override
+		protected void configure(HttpSecurity http) throws Exception {
+			http
+				.authorizeRequests()
+					.anyRequest().authenticated()
+					.and()
+				.oauth2Login()
+					.clients(this.clientRegistrationRepository);
+
+			this.registerUserNameAttributeNames(http.oauth2Login());
+		}
+		// @formatter:on
+
+		private void registerUserNameAttributeNames(OAuth2LoginConfigurer<HttpSecurity> oauth2LoginConfigurer) throws Exception {
+			getClientPropertiesByClient(this.environment).entrySet().stream().forEach(e -> {
+				String userInfoUriValue = (String) e.getValue().get(USER_INFO_URI_PROPERTY);
+				String userNameAttributeNameValue = (String) e.getValue().get(USER_NAME_ATTR_NAME_PROPERTY);
+				if (userInfoUriValue != null && userNameAttributeNameValue != null) {
+					// @formatter:off
+					oauth2LoginConfigurer
+						.userInfoEndpoint()
+							.userNameAttributeName(userNameAttributeNameValue, URI.create(userInfoUriValue));
+					// @formatter:on
+				}
+			});
+		}
+	}
+
+	private static class ClientsConfiguredCondition extends SpringBootCondition implements ConfigurationCondition {
+
+		@Override
+		public ConfigurationCondition.ConfigurationPhase getConfigurationPhase() {
+			return ConfigurationPhase.PARSE_CONFIGURATION;
+		}
+
+		@Override
+		public ConditionOutcome getMatchOutcome(ConditionContext context, AnnotatedTypeMetadata metadata) {
+			ConditionMessage.Builder message = ConditionMessage.forCondition("OAuth2 Clients Configured Condition");
+			Set<String> clientKeys = getClientKeys(context.getEnvironment());
+			if (!clientKeys.isEmpty()) {
+				return ConditionOutcome.match(message.foundExactly("OAuth2 Client(s) -> " +
+						clientKeys.stream().collect(Collectors.joining(", "))));
+			}
+			return ConditionOutcome.noMatch(message.notAvailable("OAuth2 Client(s)"));
+		}
+	}
+}
@@ -0,0 +1,43 @@
+# Google
+security.oauth2.client.google.client-authentication-method=basic
+security.oauth2.client.google.authorization-grant-type=authorization_code
+security.oauth2.client.google.redirect-uri={scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{clientAlias}
+security.oauth2.client.google.scope=openid, profile, email, address, phone
+security.oauth2.client.google.authorization-uri=https://accounts.google.com/o/oauth2/auth
+security.oauth2.client.google.token-uri=https://accounts.google.com/o/oauth2/token
+security.oauth2.client.google.user-info-uri=https://www.googleapis.com/oauth2/v3/userinfo
+security.oauth2.client.google.jwk-set-uri=https://www.googleapis.com/oauth2/v3/certs
+security.oauth2.client.google.client-name=Google
+security.oauth2.client.google.client-alias=google
+
+# GitHub
+security.oauth2.client.github.client-authentication-method=basic
+security.oauth2.client.github.authorization-grant-type=authorization_code
+security.oauth2.client.github.redirect-uri={scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{clientAlias}
+security.oauth2.client.github.scope=user
+security.oauth2.client.github.authorization-uri=https://github.com/login/oauth/authorize
+security.oauth2.client.github.token-uri=https://github.com/login/oauth/access_token
+security.oauth2.client.github.user-info-uri=https://api.github.com/user
+security.oauth2.client.github.user-name-attribute-name=name
+security.oauth2.client.github.client-name=GitHub
+security.oauth2.client.github.client-alias=github
+
+# Facebook
+security.oauth2.client.facebook.client-authentication-method=post
+security.oauth2.client.facebook.authorization-grant-type=authorization_code
+security.oauth2.client.facebook.redirect-uri={scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{clientAlias}
+security.oauth2.client.facebook.scope=public_profile, email
+security.oauth2.client.facebook.authorization-uri=https://www.facebook.com/v2.8/dialog/oauth
+security.oauth2.client.facebook.token-uri=https://graph.facebook.com/v2.8/oauth/access_token
+security.oauth2.client.facebook.user-info-uri=https://graph.facebook.com/me
+security.oauth2.client.facebook.user-name-attribute-name=name
+security.oauth2.client.facebook.client-name=Facebook
+security.oauth2.client.facebook.client-alias=facebook
+
+# Okta
+security.oauth2.client.okta.client-authentication-method=basic
+security.oauth2.client.okta.authorization-grant-type=authorization_code
+security.oauth2.client.okta.redirect-uri={scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{clientAlias}
+security.oauth2.client.okta.scope=openid, profile, email, address, phone
+security.oauth2.client.okta.client-name=Okta
+security.oauth2.client.okta.client-alias=okta
@@ -7,6 +7,10 @@ org.springframework.boot.autoconfigure.logging.AutoConfigurationReportLoggingIni
 org.springframework.context.ApplicationListener=\
 org.springframework.boot.autoconfigure.BackgroundPreinitializer
 
+# Environment Post Processors
+org.springframework.boot.env.EnvironmentPostProcessor=\
+org.springframework.boot.autoconfigure.security.oauth2.client.ClientPropertyDefaultsEnvironmentPostProcessor
+
 # Auto Configuration Import Listeners
 org.springframework.boot.autoconfigure.AutoConfigurationImportListener=\
 org.springframework.boot.autoconfigure.condition.ConditionEvaluationReportAutoConfigurationImportListener
@@ -99,6 +103,7 @@ org.springframework.boot.autoconfigure.reactor.core.ReactorCoreAutoConfiguration
 org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration,\
 org.springframework.boot.autoconfigure.security.SecurityFilterAutoConfiguration,\
 org.springframework.boot.autoconfigure.security.oauth2.OAuth2AutoConfiguration,\
+org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientAutoConfiguration,\
 org.springframework.boot.autoconfigure.sendgrid.SendGridAutoConfiguration,\
 org.springframework.boot.autoconfigure.session.SessionAutoConfiguration,\
 org.springframework.boot.autoconfigure.social.SocialWebAutoConfiguration,\