[Spring] Add clientRegistrationId option for OAuth2 HTTP Interface #22726
+9,460
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…face
Add support for the @ClientRegistrationId annotation in Spring HTTP Interface
generated clients to enable OAuth2 authentication integration with Spring Security.
Changes:
- Add new clientRegistrationId configuration option in SpringCodegen
- Update api.mustache template to include @ClientRegistrationId annotation
- Add import for org.springframework.security.oauth2.client.annotation.ClientRegistrationId
- Process clientRegistrationId in postProcessOperationsWithModels
- Add sample configuration and example output
The @ClientRegistrationId annotation automatically associates OAuth2 tokens
with HTTP requests when using Spring Security 7.0+ HTTP Service Client integration.
Usage:
openapi-generator-cli generate -g spring \
--library spring-http-interface \
--additional-properties clientRegistrationId=my-oauth-client \
-i spec.yaml -o ./output
Related documentation:
https://docs.spring.io/spring-security/reference/features/integrations/rest/http-service-client.html
Move the @ClientRegistrationId annotation from individual methods to the interface class level, following Spring Security's recommended practice. Changes: - Update api.mustache to place annotation on interface declaration - Modify SpringCodegen to set clientRegistrationId on operations map - Update sample code to show class-level annotation - Update README with improved example and explanation This approach is cleaner and avoids repeating the annotation on every method, as recommended in Spring Security documentation.
Add tests to verify: - @ClientRegistrationId annotation is generated when option is set - Annotation is not present when option is not configured Also regenerate complete samples for spring-http-interface-oauth config. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
ng-galien
changed the title
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
3 issues found across 63 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="samples/client/petstore/spring-http-interface-oauth/src/main/java/org/openapitools/model/UserDto.java">
<violation number="1" location="samples/client/petstore/spring-http-interface-oauth/src/main/java/org/openapitools/model/UserDto.java:226">
P1: toString() prints plaintext password, leaking sensitive data when logged</violation>
</file>
<file name="samples/client/petstore/spring-http-interface-oauth/README.md">
<violation number="1" location="samples/client/petstore/spring-http-interface-oauth/README.md:55">
P2: README requires Spring Boot 3.5+/Security 6.5+ but pom still targets Boot 3.1.3, so documented requirements and code dependencies are inconsistent</violation>
</file>
<file name="samples/client/petstore/spring-http-interface-oauth/src/main/java/org/openapitools/api/FakeApi.java">
<violation number="1" location="samples/client/petstore/spring-http-interface-oauth/src/main/java/org/openapitools/api/FakeApi.java:208">
P2: Multipart file parameter declared with @RequestPart while content type is application/x-www-form-urlencoded; RequestPart requires multipart/form-data so the file cannot be bound.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| sb.append(" firstName: ").append(toIndentedString(firstName)).append("\n"); | ||
| sb.append(" lastName: ").append(toIndentedString(lastName)).append("\n"); | ||
| sb.append(" email: ").append(toIndentedString(email)).append("\n"); | ||
| sb.append(" password: ").append(toIndentedString(password)).append("\n"); |
There was a problem hiding this comment.
P1: toString() prints plaintext password, leaking sensitive data when logged
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/spring-http-interface-oauth/src/main/java/org/openapitools/model/UserDto.java, line 226:
<comment>toString() prints plaintext password, leaking sensitive data when logged</comment>
<file context>
@@ -0,0 +1,244 @@
+ sb.append(" firstName: ").append(toIndentedString(firstName)).append("\n");
+ sb.append(" lastName: ").append(toIndentedString(lastName)).append("\n");
+ sb.append(" email: ").append(toIndentedString(email)).append("\n");
+ sb.append(" password: ").append(toIndentedString(password)).append("\n");
+ sb.append(" phone: ").append(toIndentedString(phone)).append("\n");
+ sb.append(" userStatus: ").append(toIndentedString(userStatus)).append("\n");
</file context>
.../client/petstore/spring-http-interface-oauth/src/main/java/org/openapitools/api/FakeApi.java
Show resolved
Hide resolved
- Upgrade Spring Boot from 3.1.3 to 3.5.0 - Add spring-boot-starter-oauth2-client dependency @ClientRegistrationId requires Spring Security 6.5+ (Spring Boot 3.5+) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
There was a problem hiding this comment.
2 issues found across 63 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="samples/client/petstore/spring-http-interface-oauth/src/main/java/org/openapitools/model/UserDto.java">
<violation number="1" location="samples/client/petstore/spring-http-interface-oauth/src/main/java/org/openapitools/model/UserDto.java:226">
P2: toString() prints the password value, risking credential leakage when the DTO is logged</violation>
</file>
<file name="samples/client/petstore/spring-http-interface-oauth/README.md">
<violation number="1" location="samples/client/petstore/spring-http-interface-oauth/README.md:87">
P1: Bean configuration example builds a bare RestClient and passes it to HttpInterfacesAbstractConfigurator, which takes a WebClient and applies no OAuth2 configurer—clients will lack OAuth2 support and the snippet won’t compile.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| public class HttpInterfaceConfig extends HttpInterfacesAbstractConfigurator { | ||
| public HttpInterfaceConfig() { | ||
| super(RestClient.builder() |
There was a problem hiding this comment.
P1: Bean configuration example builds a bare RestClient and passes it to HttpInterfacesAbstractConfigurator, which takes a WebClient and applies no OAuth2 configurer—clients will lack OAuth2 support and the snippet won’t compile.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/spring-http-interface-oauth/README.md, line 87:
<comment>Bean configuration example builds a bare RestClient and passes it to HttpInterfacesAbstractConfigurator, which takes a WebClient and applies no OAuth2 configurer—clients will lack OAuth2 support and the snippet won’t compile.</comment>
<file context>
@@ -78,31 +77,21 @@ spring:
- return factory.createClient(PetApi.class);
+ public HttpInterfaceConfig() {
+ super(RestClient.builder()
+ .baseUrl("https://petstore.example.com/v2")
+ .build());
</file context>
| sb.append(" firstName: ").append(toIndentedString(firstName)).append("\n"); | ||
| sb.append(" lastName: ").append(toIndentedString(lastName)).append("\n"); | ||
| sb.append(" email: ").append(toIndentedString(email)).append("\n"); | ||
| sb.append(" password: ").append(toIndentedString(password)).append("\n"); |
There was a problem hiding this comment.
P2: toString() prints the password value, risking credential leakage when the DTO is logged
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At samples/client/petstore/spring-http-interface-oauth/src/main/java/org/openapitools/model/UserDto.java, line 226:
<comment>toString() prints the password value, risking credential leakage when the DTO is logged</comment>
<file context>
@@ -0,0 +1,244 @@
+ sb.append(" firstName: ").append(toIndentedString(firstName)).append("\n");
+ sb.append(" lastName: ").append(toIndentedString(lastName)).append("\n");
+ sb.append(" email: ").append(toIndentedString(email)).append("\n");
+ sb.append(" password: ").append(toIndentedString(password)).append("\n");
+ sb.append(" phone: ").append(toIndentedString(phone)).append("\n");
+ sb.append(" userStatus: ").append(toIndentedString(userStatus)).append("\n");
</file context>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds support for generating Spring HTTP Interface clients with the
@ClientRegistrationIdannotation to enable OAuth2 with Spring Security.Changes
clientRegistrationIdadditional property and CLI option toSpringCodegenspring-http-interfacetemplate to import and apply@ClientRegistrationIdon the interface when setGenerated Code Example
PR checklist
masterJava Spring Technical Committee: @cachescrubber @welshm @MelleD @atextor @manedev79 @javisst @borsch @banlevente @Zomzog @martin-mfg