Deprecate ClientRegistration.redirectUriTemplate

Closes gh-8906

Author: jgrandja

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -2129,7 +2129,7 @@ public HttpSecurity saml2Login(Customizer<Saml2LoginConfigurer<HttpSecurity>> sa
 	 * 			.clientSecret("google-client-secret")
 	 * 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 	 * 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-	 * 			.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+	 * 			.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
 	 * 			.scope("openid", "profile", "email", "address", "phone")
 	 * 			.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
 	 * 			.tokenUri("https://www.googleapis.com/oauth2/v4/token")
@@ -2223,7 +2223,7 @@ public OAuth2LoginConfigurer<HttpSecurity> oauth2Login() throws Exception {
 	 * 			.clientSecret("google-client-secret")
 	 * 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 	 * 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-	 * 			.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+	 * 			.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
 	 * 			.scope("openid", "profile", "email", "address", "phone")
 	 * 			.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
 	 * 			.tokenUri("https://www.googleapis.com/oauth2/v4/token")

config/src/main/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParser.java

@@ -114,7 +114,7 @@ private List<ClientRegistration> getClientRegistrations(Element element, ParserC
 					.map(AuthorizationGrantType::new)
 					.ifPresent(builder::authorizationGrantType);
 			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_REDIRECT_URI))
-					.ifPresent(builder::redirectUriTemplate);
+					.ifPresent(builder::redirectUri);
 			getOptionalIfNotEmpty(clientRegistrationElt.getAttribute(ATT_SCOPE))
 					.map(StringUtils::commaDelimitedListToSet)
 					.ifPresent(builder::scope);

config/src/main/java/org/springframework/security/config/oauth2/client/CommonOAuth2Provider.java

@@ -101,7 +101,7 @@ protected final ClientRegistration.Builder getBuilder(String registrationId,
 		ClientRegistration.Builder builder = ClientRegistration.withRegistrationId(registrationId);
 		builder.clientAuthenticationMethod(method);
 		builder.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE);
-		builder.redirectUriTemplate(redirectUri);
+		builder.redirectUri(redirectUri);
 		return builder;
 	}
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java

@@ -106,7 +106,7 @@ public void setup() {
 			.clientSecret("secret")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate("{baseUrl}/client-1")
+			.redirectUri("{baseUrl}/client-1")
 			.scope("user")
 			.authorizationUri("https://provider.com/oauth2/authorize")
 			.tokenUri("https://provider.com/oauth2/token")

config/src/test/java/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests.java

@@ -114,7 +114,7 @@ public void requestWhenCustomClientRegistrationRepositoryThenCalled() throws Exc
 		ClientRegistration clientRegistration = CommonOAuth2Provider.GOOGLE.getBuilder("google")
 				.clientId("google-client-id")
 				.clientSecret("google-client-secret")
-				.redirectUriTemplate("http://localhost/callback/google")
+				.redirectUri("http://localhost/callback/google")
 				.scope("scope1", "scope2")
 				.build();
 		when(this.clientRegistrationRepository.findByRegistrationId(any())).thenReturn(clientRegistration);
@@ -238,7 +238,7 @@ private static OAuth2AuthorizationRequest createAuthorizationRequest(ClientRegis
 		return OAuth2AuthorizationRequest.authorizationCode()
 				.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
 				.clientId(clientRegistration.getClientId())
-				.redirectUri(clientRegistration.getRedirectUriTemplate())
+				.redirectUri(clientRegistration.getRedirectUri())
 				.scopes(clientRegistration.getScopes())
 				.state("state")
 				.attributes(attributes)

config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java

@@ -151,7 +151,7 @@ public void parseWhenIssuerUriConfiguredThenRequestConfigFromIssuer() throws Exc
 		assertThat(googleRegistration.getClientSecret()).isEqualTo("google-client-secret");
 		assertThat(googleRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(googleRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
+		assertThat(googleRegistration.getRedirectUri()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
 		assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(googleRegistration.getClientName()).isEqualTo(serverUrl);
 
@@ -181,7 +181,7 @@ public void parseWhenMultipleClientsConfiguredThenAvailableInRepository() {
 		assertThat(googleRegistration.getClientSecret()).isEqualTo("google-client-secret");
 		assertThat(googleRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(googleRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
+		assertThat(googleRegistration.getRedirectUri()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
 		assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(googleRegistration.getClientName()).isEqualTo("Google");
 
@@ -205,7 +205,7 @@ public void parseWhenMultipleClientsConfiguredThenAvailableInRepository() {
 		assertThat(githubRegistration.getClientSecret()).isEqualTo("github-client-secret");
 		assertThat(githubRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(githubRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(githubRegistration.getRedirectUriTemplate()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
+		assertThat(githubRegistration.getRedirectUri()).isEqualTo("{baseUrl}/login/oauth2/code/{registrationId}");
 		assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid,profile,email"));
 		assertThat(githubRegistration.getClientName()).isEqualTo("Github");
 

config/src/test/java/org/springframework/security/config/oauth2/client/CommonOAuth2ProviderTests.java

@@ -53,7 +53,7 @@ public void getBuilderWhenGoogleShouldHaveGoogleSettings() {
 			.isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(registration.getAuthorizationGrantType())
 			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
+		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("openid", "profile", "email");
 		assertThat(registration.getClientName()).isEqualTo("Google");
 		assertThat(registration.getRegistrationId()).isEqualTo("123");
@@ -76,7 +76,7 @@ public void getBuilderWhenGitHubShouldHaveGitHubSettings() {
 			.isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(registration.getAuthorizationGrantType())
 			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
+		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("read:user");
 		assertThat(registration.getClientName()).isEqualTo("GitHub");
 		assertThat(registration.getRegistrationId()).isEqualTo("123");
@@ -99,7 +99,7 @@ public void getBuilderWhenFacebookShouldHaveFacebookSettings() {
 			.isEqualTo(ClientAuthenticationMethod.POST);
 		assertThat(registration.getAuthorizationGrantType())
 			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
+		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("public_profile", "email");
 		assertThat(registration.getClientName()).isEqualTo("Facebook");
 		assertThat(registration.getRegistrationId()).isEqualTo("123");
@@ -124,7 +124,7 @@ public void getBuilderWhenOktaShouldHaveOktaSettings() {
 			.isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(registration.getAuthorizationGrantType())
 			.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
-		assertThat(registration.getRedirectUriTemplate()).isEqualTo(DEFAULT_REDIRECT_URL);
+		assertThat(registration.getRedirectUri()).isEqualTo(DEFAULT_REDIRECT_URL);
 		assertThat(registration.getScopes()).containsOnly("openid", "profile", "email");
 		assertThat(registration.getClientName()).isEqualTo("Okta");
 		assertThat(registration.getRegistrationId()).isEqualTo("123");

docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-client.adoc

@@ -156,7 +156,7 @@ public final class ClientRegistration {
 	private String clientSecret;	<3>
 	private ClientAuthenticationMethod clientAuthenticationMethod;	<4>
 	private AuthorizationGrantType authorizationGrantType;	<5>
-	private String redirectUriTemplate;	<6>
+	private String redirectUri;	<6>
 	private Set<String> scopes;	<7>
 	private ProviderDetails providerDetails;
 	private String clientName;	<8>
@@ -185,7 +185,7 @@ public final class ClientRegistration {
 The supported values are *basic*, *post* and *none* https://tools.ietf.org/html/rfc6749#section-2.1[(public clients)].
 <5> `authorizationGrantType`: The OAuth 2.0 Authorization Framework defines four https://tools.ietf.org/html/rfc6749#section-1.3[Authorization Grant] types.
  The supported values are `authorization_code`, `client_credentials` and `password`.
-<6> `redirectUriTemplate`: The client's registered redirect URI that the _Authorization Server_ redirects the end-user's user-agent
+<6> `redirectUri`: The client's registered redirect URI that the _Authorization Server_ redirects the end-user's user-agent
  to after the end-user has authenticated and authorized access to the client.
 <7> `scopes`: The scope(s) requested by the client during the Authorization Request flow, such as openid, email, or profile.
 <8> `clientName`: A descriptive name used for the client.

docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-login.adoc

@@ -114,7 +114,7 @@ The following table outlines the mapping of the Spring Boot 2.x OAuth Client pro
 |`authorizationGrantType`
 
 |`spring.security.oauth2.client.registration._[registrationId]_.redirect-uri`
-|`redirectUriTemplate`
+|`redirectUri`
 
 |`spring.security.oauth2.client.registration._[registrationId]_.scope`
 |`scopes`
@@ -266,7 +266,7 @@ public class OAuth2LoginConfig {
 			.clientSecret("google-client-secret")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+			.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
 			.scope("openid", "profile", "email", "address", "phone")
 			.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
 			.tokenUri("https://www.googleapis.com/oauth2/v4/token")
@@ -360,7 +360,7 @@ public class OAuth2LoginConfig {
 			.clientSecret("google-client-secret")
 			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 			.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-			.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+			.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
 			.scope("openid", "profile", "email", "address", "phone")
 			.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
 			.tokenUri("https://www.googleapis.com/oauth2/v4/token")
@@ -403,7 +403,7 @@ class OAuth2LoginConfig {
                 .clientSecret("google-client-secret")
                 .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
                 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-                .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
+                .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
                 .scope("openid", "profile", "email", "address", "phone")
                 .authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
                 .tokenUri("https://www.googleapis.com/oauth2/v4/token")
@@ -854,7 +854,7 @@ class OAuth2LoginSecurityConfig : WebSecurityConfigurerAdapter() {
 
 [IMPORTANT]
 ====
-You also need to ensure the `ClientRegistration.redirectUriTemplate` matches the custom Authorization Response `baseUri`.
+You also need to ensure the `ClientRegistration.redirectUri` matches the custom Authorization Response `baseUri`.
 
 The following listing shows an example:
 
@@ -863,7 +863,7 @@ The following listing shows an example:
 return CommonOAuth2Provider.GOOGLE.getBuilder("google")
 	.clientId("google-client-id")
 	.clientSecret("google-client-secret")
-	.redirectUriTemplate("{baseUrl}/login/oauth2/callback/{registrationId}")
+	.redirectUri("{baseUrl}/login/oauth2/callback/{registrationId}")
 	.build();
 ----
 ====

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java

@@ -67,7 +67,7 @@ public ClientRegistration deserialize(JsonParser parser, DeserializationContext
 				.authorizationGrantType(
 						AUTHORIZATION_GRANT_TYPE_CONVERTER.convert(
 								findObjectNode(clientRegistrationNode, "authorizationGrantType")))
-				.redirectUriTemplate(findStringValue(clientRegistrationNode, "redirectUriTemplate"))
+				.redirectUri(findStringValue(clientRegistrationNode, "redirectUri"))
 				.scope(findValue(clientRegistrationNode, "scopes", SET_TYPE_REFERENCE, mapper))
 				.clientName(findStringValue(clientRegistrationNode, "clientName"))
 				.authorizationUri(findStringValue(providerDetailsNode, "authorizationUri"))