OAuth2ConfigurerUtils should respect @Primary #2183
Description
Describe the bug
I'm trying to override existing OAuth2AuthorizationService by define a new @Primary bean:
@Primary
@Bean
public OAuth2AuthorizationService myOauth2AuthorizationService(JdbcOAuth2AuthorizationService oauth2AuthorizationService) {
return new OAuth2AuthorizationService() {
...
@Override
public OAuth2Authorization findByToken(String token, OAuth2TokenType tokenType) {
// TODO ...
return oauth2AuthorizationService.findByToken(token, tokenType);
}
};
}The error message is confusing but we cannot blame to Spring Boot:
2025-09-02T17:16:10.356+08:00 ERROR 25341 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :
***************************
APPLICATION FAILED TO START
***************************
Description:
Method authorizationServerSecurityFilterChain in com.example.AuthorizationServerConfiguration required a single bean, but 2 were found:
- myOauth2AuthorizationService: defined by method 'myOauth2AuthorizationService' in class path resource [com/example/AuthorizationServerConfiguration.class]
- oauth2AuthorizationService: defined by method 'oauth2AuthorizationService' in class path resource [com/example/AuthorizationServerConfiguration.class]
This may be due to missing parameter name information
Action:
Consider marking one of the beans as @Primary, updating the consumer to accept multiple beans, or using @Qualifier to identify the bean that should be consumed
Because the root cause is:
org.springframework.beans.factory.NoUniqueBeanDefinitionException: No qualifying bean of type 'org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService' available: Expected single matching bean of type 'org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService' but found 2: myOAuth2AuthorizationService,oauth2AuthorizationService
at org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2ConfigurerUtils.getOptionalBean(OAuth2ConfigurerUtils.java:231)
at org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2ConfigurerUtils.getAuthorizationService(OAuth2ConfigurerUtils.java:79)
at org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2ClientAuthenticationConfigurer.createDefaultAuthenticationProviders(OAuth2ClientAuthenticationConfigurer.java:261)
at org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2ClientAuthenticationConfigurer.init(OAuth2ClientAuthenticationConfigurer.java:208)
at org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer.lambda$init$5(OAuth2AuthorizationServerConfigurer.java:367)
at java.base/java.util.LinkedHashMap$LinkedValues.forEach(LinkedHashMap.java:833)
at org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer.init(OAuth2AuthorizationServerConfigurer.java:366)
at org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer.init(OAuth2AuthorizationServerConfigurer.java:86)
Suggestion
getBean(HttpSecurity httpSecurity, Class<T> type) and getOptionalBean(..) should align with getBean(HttpSecurity httpSecurity, Class<T> type).
I'd like to submit PR if the proposal is accepted.