Description
Expected Behavior
ClientRegistrations RestTemplate is configurable.
Current Behavior
ClientRegistrations RestTemplate is not configurable, see code
Context
Currently the ClientRegistrations RestTemplate does not allow customization. As of July 2020 this was the agreed upon design (#8882 (comment)).
My use case is to utilize a custom key store and trust store for the oauth2 client to communicate with the authentication server. In order for the oauth2 client to utilize a custom key store and trust store the jvm defaults must be updated.
-Djavax.net.ssl.trustStore=XXXX
-Djavax.net.ssl.trustStorePassword=XXXX
-Djavax.net.ssl.keyStore=XXXX
-Djavax.net.ssl.keyStoreAlias=XXXX
-Djavax.net.ssl.keyStorePassword=XXXX
This seems to be overkill, requiring an update to the jvm defaults in order to update the oauth2 client configuration. Given that the RestTemplate is highly configurable, why not expose the RestTemplate for configuration? A configuration could look like below:
spring.security.oauth2.client.registration.[registrationId].ssl.bundle
- SSL configuration
spring.security.oauth2.client.registration.[registrationId].ssl.keystorePath
spring.security.oauth2.client.registration.[registrationId].ssl.keystorePassword
spring.security.oauth2.client.registration.[registrationId].ssl.keyStoreAlias
spring.security.oauth2.client.registration.[registrationId].ssl.trustStorePath
spring.security.oauth2.client.registration.[registrationId].ssl.trustStorePassword
Exposing configuration would allow for tighter control of what configurations are allowed on the RestTemplate. Alternatively the ClientRegistrations RestTemplate could utilize the RestTemplateBuilder as proposed here (#7027 (comment)) and be fully configurable.
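For contrast with the JVM-wide `-Djavax.net.ssl.*` flags above, here is an added example (not part of the original issue and not Spring Security code) that scopes a key store and trust store to a single HTTP client using only JDK APIs, then fetches OIDC discovery metadata over it. The class name, the `OAUTH_*` environment variable names and the use of PKCS12 stores are assumptions, and it does not plug into `ClientRegistrations`.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTlsDiscovery {
    // Load a PKCS12 store; path and password come from (hypothetical) environment variables.
    static KeyStore load(String pathVar, String passVar) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Path.of(System.getenv(pathVar)))) {
            ks.load(in, System.getenv(passVar).toCharArray());
        }
        return ks;
    }

    // SSLContext owned by one client only; SSLContext.getDefault() and the JVM properties stay untouched.
    static SSLContext scopedContext() throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Assumes the private key entry uses the same password as the store (usual for PKCS12).
        kmf.init(load("OAUTH_KEYSTORE", "OAUTH_KEYSTORE_PASSWORD"),
                System.getenv("OAUTH_KEYSTORE_PASSWORD").toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("OAUTH_TRUSTSTORE", "OAUTH_TRUSTSTORE_PASSWORD"));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Only this client presents the client certificate and trusts the custom CA set.
        HttpClient client = HttpClient.newBuilder().sslContext(scopedContext()).build();
        // OAUTH_ISSUER is a placeholder for the authorization server's issuer URI (no trailing slash).
        URI metadata = URI.create(System.getenv("OAUTH_ISSUER") + "/.well-known/openid-configuration");
        HttpResponse<String> resp = client.send(
                HttpRequest.newBuilder(metadata).GET().build(),
                HttpResponse.BodyHandlers.ofString());
        System.out.println(resp.statusCode());
        System.out.println(resp.body());
    }
}
```

Because the trust store is passed to this one client, other outbound TLS connections in the same JVM keep validating against the default CA set instead of the narrower or wider set the OAuth2 client needs.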