
UnsatisfiedDependencyException for OAuth2AuthorizedClientManagerRegistrar in Spring Security 6.2.8 #17009

Closed
@mantu-ms

Describe the bug
I encountered an UnsatisfiedDependencyException while migrating from Spring Security 6.1.9 to 6.2.8. The exception occurs during the initialization of the OAuth2ClientConfiguration class, specifically when trying to create a bean for OAuth2AuthorizedClientManagerRegistrar.

```
ERROR [main] (ContextLoader.java294) - Context initialization failed 2025-04-22 20:14:02 org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setAuthorizedClientManagerRegistrar' parameter 0: No qualifying bean of type 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2AuthorizedClientManagerRegistrar' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {}
```

To Reproduce

  • Upgrade Spring Security from 6.1.9 to 6.2.8.

  • Attempt to initialize the application context.

Expected behavior
The application context should initialize without errors, and the OAuth2AuthorizedClientManagerRegistrar bean should be correctly registered.

Actual Behavior
The application fails to initialize, throwing an UnsatisfiedDependencyException due to the missing OAuth2AuthorizedClientManagerRegistrar bean.

Sample Configuration

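```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;

@Configuration
public class CustomOAuth2ClientConfig {

    // Application-defined OAuth2AuthorizedClientManager supporting four grant types.
    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository clientRegistrationRepository,
            OAuth2AuthorizedClientRepository authorizedClientRepository) {
        OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
                .authorizationCode()
                .refreshToken()
                .clientCredentials()
                .password()
                .build();
        DefaultOAuth2AuthorizedClientManager authorizedClientManager =
                new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);
        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
        return authorizedClientManager;
    }
}
```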
Additional Information

  • CustomOAuth2ClientConfig has other bean configurations, such as ClientRegistrationRepository, OAuth2ProtectedResourceDetailsCustom, OAuth2AuthorizedClientService, OAuth2AuthorizedClientRepository, AuthorizationRequestRepository, OAuth2AuthorizationRequestRedirectFilter, CustomOAuth2AuthorizationRequestResolver, CustomOAuth2LoginAuthenticationFilter, CustomOAuth2LoginAuthenticationProvider, DefaultAuthorizationCodeTokenResponseClient, CustomOAuth2UserService, OAuthAuthenticationFailureHandler.

  • The migration guide for Spring Security 6.2 does not mention changes related to OAuth2AuthorizedClientManagerRegistrar; this was not there in 6.1.x, it was added in 6.2.x.

  • Could the @Import initialization order in OAuth2ClientConfiguration be the problem? The OAuth2ClientWebMvcImportSelector is initialized before the OAuth2AuthorizedClientManagerConfiguration, but the latter creates the authorizedClientManagerRegistrar bean, which is required during the initialization of the former.

Environment:

Spring Security version: 6.2.8
Java version: 17
Build tool: Maven

Request for Help: I would appreciate any guidance on resolving this issue, or confirmation of whether there is any config issue in my code.

Labels

  • in: oauth2 (An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose))

  • status: invalid (An issue that we don't feel is valid)
