Update ref doc for oauth2-client

jgrandja · jgrandja · commit 1c257afa79bd · 2019-09-13T21:07:26.000-04:00
diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/preface/oauth2-client.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/preface/oauth2-client.adoc
@@ -179,8 +179,8 @@ public class OAuth2ClientController {
 
 	@RequestMapping("/")
 	public String index() {
-		ClientRegistration googleRegistration =
-			this.clientRegistrationRepository.findByRegistrationId("google");
+		ClientRegistration oktaRegistration =
+			this.clientRegistrationRepository.findByRegistrationId("okta");
 
 		...
 
@@ -207,38 +207,34 @@ Whereas, the primary role of `OAuth2AuthorizedClientService` is to manage `OAuth
 
 From a developer perspective, the `OAuth2AuthorizedClientRepository` or `OAuth2AuthorizedClientService` provides the capability to lookup an `OAuth2AccessToken` associated with a client so that it may be used to initiate a protected resource request.
 
-[NOTE]
-Spring Boot 2.x auto-configuration registers an `OAuth2AuthorizedClientRepository` and/or `OAuth2AuthorizedClientService` `@Bean` in the `ApplicationContext`.
-However, the application may choose to override and register a custom `OAuth2AuthorizedClientRepository` or `OAuth2AuthorizedClientService` `@Bean`.
-
 The following listing shows an example:
 
 [source,java]
 ----
 @Controller
-public class OAuth2LoginController {
+public class OAuth2ClientController {
 
-	@Autowired
-	private OAuth2AuthorizedClientService authorizedClientService;
+    @Autowired
+    private OAuth2AuthorizedClientService authorizedClientService;
 
-	@RequestMapping("/userinfo")
-	public String userinfo(OAuth2AuthenticationToken authentication) {
-		// authentication.getAuthorizedClientRegistrationId() returns the
-		// registrationId of the Client that was authorized during the oauth2Login() flow
-		OAuth2AuthorizedClient authorizedClient =
-			this.authorizedClientService.loadAuthorizedClient(
-				authentication.getAuthorizedClientRegistrationId(),
-				authentication.getName());
+    @RequestMapping("/")
+    public String index(Authentication authentication) {
+        OAuth2AuthorizedClient authorizedClient =
+            this.authorizedClientService.loadAuthorizedClient("okta", authentication.getName());
 
-		OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
+        OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
 
-		...
+        ...
 
-		return "userinfo";
-	}
+        return "index";
+    }
 }
 ----
 
+[NOTE]
+Spring Boot 2.x auto-configuration registers an `OAuth2AuthorizedClientRepository` and/or `OAuth2AuthorizedClientService` `@Bean` in the `ApplicationContext`.
+However, the application may choose to override and register a custom `OAuth2AuthorizedClientRepository` or `OAuth2AuthorizedClientService` `@Bean`.
+
 
 [[oauth2Client-authorized-manager-provider]]
 ==== OAuth2AuthorizedClientManager / OAuth2AuthorizedClientProvider
@@ -311,6 +307,29 @@ The `OAuth2AuthorizationRequestRedirectFilter` uses an `OAuth2AuthorizationReque
 The primary role of the `OAuth2AuthorizationRequestResolver` is to resolve an `OAuth2AuthorizationRequest` from the provided web request.
 The default implementation `DefaultOAuth2AuthorizationRequestResolver` matches on the (default) path `/oauth2/authorization/{registrationId}` extracting the `registrationId` and using it to build the `OAuth2AuthorizationRequest` for the associated `ClientRegistration`.
 
+Given the following Spring Boot 2.x properties for an OAuth 2.0 Client registration:
+
+[source,yaml]
+----
+spring:
+  security:
+    oauth2:
+      client:
+        registration:
+          okta:
+            client-id: okta-client-id
+            client-secret: okta-client-secret
+            authorization-grant-type: authorization_code
+            redirect-uri: "{baseUrl}/authorized/okta"
+            scope: read, write
+----
+
+A request with the base path `/oauth2/authorization/okta` will initiate the Authorization Request redirect by the `OAuth2AuthorizationRequestRedirectFilter` and ultimately start the Authorization Code grant flow.
+
+[NOTE]
+The `AuthorizationCodeOAuth2AuthorizedClientProvider` is an implementation of `OAuth2AuthorizedClientProvider` for the Authorization Code grant,
+which also initiates the Authorization Request redirect by the `OAuth2AuthorizationRequestRedirectFilter`.
+
 
 ===== Customizing the Authorization Request
 
@@ -471,7 +490,7 @@ Please refer to the https://tools.ietf.org/html/rfc6749#section-4.1.3[Access Tok
 
 The primary role of the `OAuth2AccessTokenResponseClient` is to exchange an authorization grant credential for an access token credential at the Authorization Server's Token Endpoint.
 
-The default implementation of `OAuth2AccessTokenResponseClient` for the `authorization_code` grant is `DefaultAuthorizationCodeTokenResponseClient`, which uses a `RestOperations` for exchanging an authorization code for an access token at the Token Endpoint.
+The default implementation of `OAuth2AccessTokenResponseClient` for the Authorization Code grant is `DefaultAuthorizationCodeTokenResponseClient`, which uses a `RestOperations` for exchanging an authorization code for an access token at the Token Endpoint.
 
 The `DefaultAuthorizationCodeTokenResponseClient` is quite flexible as it allows you to customize the pre-processing of the Token Request and/or post-handling of the Token Response.
 
@@ -543,15 +562,15 @@ This is a convenient alternative compared to looking up the `OAuth2AuthorizedCli
 [source,java]
 ----
 @Controller
-public class OAuth2LoginController {
+public class OAuth2ClientController {
 
-	@RequestMapping("/userinfo")
-	public String userinfo(@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient authorizedClient) {
+	@RequestMapping("/")
+	public String index(@RegisteredOAuth2AuthorizedClient("okta") OAuth2AuthorizedClient authorizedClient) {
 		OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
 
 		...
 
-		return "userinfo";
+		return "index";
 	}
 }
 ----
