I want to use Crnk Client 3.4 to consume a JSON:API endpoint that is secured with OAuth2. I am using a client_credentials grant and Spring Security OAuth2 (with Boot) to configure the credentials.
Since the Spring team has decided to try to force everyone onto reactive WebClient, there is no out-of-the-box RestTemplate interceptor that can retrieve an access token from Spring Security OAuth2, which suggests that I'll have to do some level of integration on my own.
Is there a best practice for supplying an access token to a CrnkClient instance? The documentation mentions SecurityModule in passing, but it doesn't seem that it actually supports adding credentials. I could write a module, but it appears that to add headers I want to implement HttpAdapterListener, and modules don't provide a mechanism to register them; instead they have HttpRequestProcessor, which is not used at all by the client.
I can see two possible clean integration options; is either of these recommended or discouraged?
- Write the missing
ClientHttpRequestInterceptorto integrate Spring Security OAuth2. Create aRestTemplatein a bean method usingRestTemplateBuilderand add the OAuth2 interceptor. CallcrnkClient.setHttpAdapter(new RestTemplateAdapter(interceptedRt)). - Write a Crnk
ModuleimplementingHttpAdapterAwarethat is a Spring bean and contributes anHttpAdapterListenerthat retrieves the access token and callsHttpAdapterRequest#header.
