On my local machine:
$ env | grep SPRING_SECURITY
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_CLIENT_ID=rdocelec
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_CLIENT_SECRET={noop}xxx
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_CLIENT_AUTHENTICATION_METHODS_0=client_secret_basic
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_AUTHORIZATION_GRANT_TYPES_0=client_credentials
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_SCOPES_0=api
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REQUIRE_AUTHORIZATION_CONSENT=true
The environment values above are bound correctly; the actuator lists each one under `inputs` with its environment variable as the origin:
❯ http localhost:9090/actuator/configprops -b | yq '.contexts.application.beans."spring.security.oauth2.authorizationserver-org.springframework.boot.autoconfigure.security.oauth2.server.servlet.OAuth2AuthorizationServerProperties".inputs'
{
"client": {
"oidc-client": {
"registration": {
"clientId": {
"value": "******",
"origin": "System Environment Property \"SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_CLIENT_ID\""
},
"clientSecret": {
"value": "******",
"origin": "System Environment Property \"SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_CLIENT_SECRET\""
},
"clientAuthenticationMethods": [
{
"value": "******",
"origin": "System Environment Property \"SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_CLIENT_AUTHENTICATION_METHODS_0\""
}
],
"authorizationGrantTypes": [
{
"value": "******",
"origin": "System Environment Property \"SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_AUTHORIZATION_GRANT_TYPES_0\""
}
],
"redirectUris": [],
"postLogoutRedirectUris": [],
"scopes": [
{
"value": "******",
"origin": "System Environment Property \"SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_SCOPES_0\""
}
]
},
"requireProofKey": {},
"requireAuthorizationConsent": {
"value": "******",
"origin": "System Environment Property \"SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REQUIRE_AUTHORIZATION_CONSENT\""
},
"token": {
"authorizationCodeTimeToLive": {},
"accessTokenTimeToLive": {},
"accessTokenFormat": {},
"deviceCodeTimeToLive": {},
"reuseRefreshTokens": {},
"refreshTokenTimeToLive": {},
"idTokenSignatureAlgorithm": {}
}
}
},
"endpoint": {
"authorizationUri": {},
"deviceAuthorizationUri": {},
"deviceVerificationUri": {},
"tokenUri": {},
"jwkSetUri": {},
"tokenRevocationUri": {},
"tokenIntrospectionUri": {},
"oidc": {
"logoutUri": {},
"clientRegistrationUri": {},
"userInfoUri": {}
}
}
}
However, inside my pod, where the same variables are set:
+ kubectl exec -it oauthz-7d9fbdbf6f-4g8cf -- bash
oauthz-7d9fbdbf6f-4g8cf:/$ env | grep SPRING_SECURITY
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_SCOPES_0=api
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_CLIENT_SECRET={noop}xxx
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REQUIRE_AUTHORIZATION_CONSENT=true
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_AUTHORIZATION_GRANT_TYPES_0=client_credentials
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_CLIENT_AUTHENTICATION_METHODS_0=client_secret_basic
SPRING_SECURITY_OAUTH2_AUTHORIZATIONSERVER_CLIENT_OIDC_CLIENT_REGISTRATION_CLIENT_ID=rdocelec
When I look them up through the actuator of the deployed application, `client` is empty in both `properties` and `inputs`:
❯ http http://des.keycloak.espaidoc-keycloak.apps.ocpdes.t-systems.es/actuator/configprops -b | yq '.contexts.application.beans."spring.security.oauth2.authorizationserver-org.springframework.boot.autoconfigure.security.oauth2.server.servlet.OAuth2AuthorizationServerProperties"'
{
"prefix": "spring.security.oauth2.authorizationserver",
"properties": {
"client": {},
"endpoint": {
"authorizationUri": "******",
"deviceAuthorizationUri": "******",
"deviceVerificationUri": "******",
"tokenUri": "******",
"jwkSetUri": "******",
"tokenRevocationUri": "******",
"tokenIntrospectionUri": "******",
"oidc": {
"logoutUri": "******",
"clientRegistrationUri": "******",
"userInfoUri": "******"
}
}
},
"inputs": {
"client": {},
"endpoint": {
"authorizationUri": {},
"deviceAuthorizationUri": {},
"deviceVerificationUri": {},
"tokenUri": {},
"jwkSetUri": {},
"tokenRevocationUri": {},
"tokenIntrospectionUri": {},
"oidc": {
"logoutUri": {},
"clientRegistrationUri": {},
"userInfoUri": {}
}
}
}
}
Any ideas why the client registration is not bound in the pod?