Oidclogin test support

[jzheaux]

No description provided.

[jzheaux]

@rwinch, obviously feel free to comment on anything you like. I'm posting this PR so that you can take a look at a couple of multi-threading concerns I have.

[jzheaux]

@jgrandja I looked into simply pulling this from the application context. The issue I discovered is that Spring Boot registers an AuthenticatedPrincipalOAuth2AuthorizedClientRepository, which will store this client in an InMemoryOAuth2AuthorizedClientService. Since that is likely shared between tests, it could cause a problem in concurrent tests.

I've chosen to stick with HttpSessionOAuth2AuthorizedClientRepository and documentation that indicates that tests should use that repository so that the argument resolver picks up the client created here.

With this approach, @RegisteredOAuth2AuthorizedClient will work with still pretty minimal code in the test, e.g.:

@Test 
public void test() {
    this.mvc.perform(get("/")
        .with(oidcLogin().clientRegistration(clientRegistration));
}

@Configuration
static class ClientConfig {
    @Bean 
    ClientRegistrationRepository clients() {
        return new InMemoryClientRegistrationRepository(clientRegistration);
    }

    @Bean 
    OAuth2AuthorizedClientRepository authorizedClients() {
        return new HttpSessionOAuth2AuthorizedClientRepository();
    }
}

This could be potentially reduced down the road if there's a simple, thread-safe way to reconfigure or override the OAuth2AuthorizedClientArgumentResolver within the confines of the test.

/cc @rwinch for additional thoughts.

[jgrandja]

@jzheaux I like the way the test reads. It's simple, concise and consistent with HttpSecurity.oauth2Login() Servlet DSL. For the initial feature release, I think it's fine to require the use of HttpSessionOAuth2AuthorizedClientRepository in tests. We can figure out ways to improve this later.

[jzheaux]

Merged via b35e18f