Allow injecting the principal name into DefaultOAuth2User

- Add username field to DefaultOAuth2User
- Deprecate constructor that uses nameAttributeKey lookup
- Add static factory method withUsername() for direct username injection
- Update Jackson mixin to maintain backward compatibility
- Preserve serialization format by excluding username field

This change prepares for SpEL support in the next commit.

Signed-off-by: yybmion <[email protected]>

Author: yybmion

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@
 
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
@@ -31,7 +32,14 @@
 /**
  * This mixin class is used to serialize/deserialize {@link DefaultOAuth2User}.
  *
+ * <p>
+ * Note: The {@code username} field is intentionally excluded from serialization as it's a
+ * derived value that can be reconstructed from {@code nameAttributeKey} and
+ * {@code attributes} during deserialization.
+ * </p>
+ *
  * @author Joe Grandja
+ * @author YooBin Yoon
  * @since 5.3
  * @see DefaultOAuth2User
  * @see OAuth2ClientJackson2Module
@@ -42,6 +50,9 @@
 @JsonIgnoreProperties(ignoreUnknown = true)
 abstract class DefaultOAuth2UserMixin {
 
+	@JsonIgnore
+	private String username;
+
 	@JsonCreator
 	DefaultOAuth2UserMixin(@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
 			@JsonProperty("attributes") Map<String, Object> attributes,

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java

@@ -119,51 +119,51 @@ public Mono<OAuth2User> loadUser(OAuth2UserRequest userRequest) throws OAuth2Aut
 			// @formatter:off
 			Mono<Map<String, Object>> userAttributes = requestHeadersSpec.retrieve()
 					.onStatus(HttpStatusCode::isError, (response) ->
-						parse(response)
-							.map((userInfoErrorResponse) -> {
-								String description = userInfoErrorResponse.getErrorObject().getDescription();
-								OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, description,
-									null);
-								throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
-							})
+							parse(response)
+									.map((userInfoErrorResponse) -> {
+										String description = userInfoErrorResponse.getErrorObject().getDescription();
+										OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, description,
+												null);
+										throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+									})
 					)
 					.bodyToMono(DefaultReactiveOAuth2UserService.STRING_OBJECT_MAP)
 					.mapNotNull((attributes) -> this.attributesConverter.convert(userRequest).convert(attributes));
 			return userAttributes.map((attrs) -> {
-				GrantedAuthority authority = new OAuth2UserAuthority(attrs, userNameAttributeName);
-				Set<GrantedAuthority> authorities = new HashSet<>();
-				authorities.add(authority);
-				OAuth2AccessToken token = userRequest.getAccessToken();
-				for (String scope : token.getScopes()) {
-					authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
-				}
-
-				return new DefaultOAuth2User(authorities, attrs, userNameAttributeName);
-			})
-			.onErrorMap((ex) -> (ex instanceof UnsupportedMediaTypeException ||
-					ex.getCause() instanceof UnsupportedMediaTypeException), (ex) -> {
-				String contentType = (ex instanceof UnsupportedMediaTypeException) ?
-						((UnsupportedMediaTypeException) ex).getContentType().toString() :
-						((UnsupportedMediaTypeException) ex.getCause()).getContentType().toString();
-				String errorMessage = "An error occurred while attempting to retrieve the UserInfo Resource from '"
-						+ userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
+						GrantedAuthority authority = new OAuth2UserAuthority(attrs, userNameAttributeName);
+						Set<GrantedAuthority> authorities = new HashSet<>();
+						authorities.add(authority);
+						OAuth2AccessToken token = userRequest.getAccessToken();
+						for (String scope : token.getScopes()) {
+							authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
+						}
+
+						return new DefaultOAuth2User(authorities, attrs, userNameAttributeName);
+					})
+					.onErrorMap((ex) -> (ex instanceof UnsupportedMediaTypeException ||
+							ex.getCause() instanceof UnsupportedMediaTypeException), (ex) -> {
+						String contentType = (ex instanceof UnsupportedMediaTypeException) ?
+								((UnsupportedMediaTypeException) ex).getContentType().toString() :
+								((UnsupportedMediaTypeException) ex.getCause()).getContentType().toString();
+						String errorMessage = "An error occurred while attempting to retrieve the UserInfo Resource from '"
+								+ userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
 								.getUri()
-						+ "': response contains invalid content type '" + contentType + "'. "
-						+ "The UserInfo Response should return a JSON object (content type 'application/json') "
-						+ "that contains a collection of name and value pairs of the claims about the authenticated End-User. "
-						+ "Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '"
-						+ userRequest.getClientRegistration().getRegistrationId()
-						+ "' conforms to the UserInfo Endpoint, "
-						+ "as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'";
-				OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, errorMessage,
-						null);
-				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
-			})
-			.onErrorMap((ex) -> {
-				OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
-						"An error occurred reading the UserInfo response: " + ex.getMessage(), null);
-				return new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
-			});
+								+ "': response contains invalid content type '" + contentType + "'. "
+								+ "The UserInfo Response should return a JSON object (content type 'application/json') "
+								+ "that contains a collection of name and value pairs of the claims about the authenticated End-User. "
+								+ "Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '"
+								+ userRequest.getClientRegistration().getRegistrationId()
+								+ "' conforms to the UserInfo Endpoint, "
+								+ "as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'";
+						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, errorMessage,
+								null);
+						throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
+					})
+					.onErrorMap((ex) -> {
+						OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
+								"An error occurred reading the UserInfo response: " + ex.getMessage(), null);
+						return new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString(), ex);
+					});
 		});
 		// @formatter:on
 	}

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserServiceTests.java

@@ -128,13 +128,13 @@ public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2Authentication
 	public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
 		// @formatter:off
 		String userInfoResponse = "{\n"
-			+ "   \"user-name\": \"user1\",\n"
-			+ "   \"first-name\": \"first\",\n"
-			+ "   \"last-name\": \"last\",\n"
-			+ "   \"middle-name\": \"middle\",\n"
-			+ "   \"address\": \"address\",\n"
-			+ "   \"email\": \"[email protected]\"\n"
-			+ "}\n";
+				+ "   \"user-name\": \"user1\",\n"
+				+ "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n"
+				+ "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n"
+				+ "   \"email\": \"[email protected]\"\n"
+				+ "}\n";
 		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
@@ -204,12 +204,12 @@ public void loadUserWhenNestedUserInfoSuccessThenReturnUser() {
 	public void loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException() {
 		// @formatter:off
 		String userInfoResponse = "{\n"
-			+ "	\"user-name\": \"user1\",\n"
-			+ "   \"first-name\": \"first\",\n"
-			+ "   \"last-name\": \"last\",\n"
-			+ "   \"middle-name\": \"middle\",\n"
-			+ "   \"address\": \"address\",\n"
-			+ "   \"email\": \"[email protected]\"\n";
+				+ "	\"user-name\": \"user1\",\n"
+				+ "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n"
+				+ "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n"
+				+ "   \"email\": \"[email protected]\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
 		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
@@ -295,13 +295,13 @@ public void loadUserWhenUserInfoUriInvalidThenThrowOAuth2AuthenticationException
 	public void loadUserWhenUserInfoSuccessResponseThenAcceptHeaderJson() throws Exception {
 		// @formatter:off
 		String userInfoResponse = "{\n"
-			+ "   \"user-name\": \"user1\",\n"
-			+ "   \"first-name\": \"first\",\n"
-			+ "   \"last-name\": \"last\",\n"
-			+ "   \"middle-name\": \"middle\",\n"
-			+ "   \"address\": \"address\",\n"
-			+ "   \"email\": \"[email protected]\"\n"
-			+ "}\n";
+				+ "   \"user-name\": \"user1\",\n"
+				+ "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n"
+				+ "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n"
+				+ "   \"email\": \"[email protected]\"\n"
+				+ "}\n";
 		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
@@ -319,13 +319,13 @@ public void loadUserWhenUserInfoSuccessResponseThenAcceptHeaderJson() throws Exc
 	public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodGet() throws Exception {
 		// @formatter:off
 		String userInfoResponse = "{\n"
-			+ "   \"user-name\": \"user1\",\n"
-			+ "   \"first-name\": \"first\",\n"
-			+ "   \"last-name\": \"last\",\n"
-			+ "   \"middle-name\": \"middle\",\n"
-			+ "   \"address\": \"address\",\n"
-			+ "   \"email\": \"[email protected]\"\n"
-			+ "}\n";
+				+ "   \"user-name\": \"user1\",\n"
+				+ "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n"
+				+ "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n"
+				+ "   \"email\": \"[email protected]\"\n"
+				+ "}\n";
 		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();
@@ -346,13 +346,13 @@ public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodG
 	public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPost() throws Exception {
 		// @formatter:off
 		String userInfoResponse = "{\n"
-			+ "   \"user-name\": \"user1\",\n"
-			+ "   \"first-name\": \"first\",\n"
-			+ "   \"last-name\": \"last\",\n"
-			+ "   \"middle-name\": \"middle\",\n"
-			+ "   \"address\": \"address\",\n"
-			+ "   \"email\": \"[email protected]\"\n"
-			+ "}\n";
+				+ "   \"user-name\": \"user1\",\n"
+				+ "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n"
+				+ "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n"
+				+ "   \"email\": \"[email protected]\"\n"
+				+ "}\n";
 		// @formatter:on
 		this.server.enqueue(jsonResponse(userInfoResponse));
 		String userInfoUri = this.server.url("/user").toString();

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserServiceTests.java

@@ -121,13 +121,13 @@ public void loadUserWhenUserNameAttributeNameIsNullThenThrowOAuth2Authentication
 	public void loadUserWhenUserInfoSuccessResponseThenReturnUser() {
 		// @formatter:off
 		String userInfoResponse = "{\n"
-			+ "   \"id\": \"user1\",\n"
-			+ "   \"first-name\": \"first\",\n"
-			+ "   \"last-name\": \"last\",\n"
-			+ "   \"middle-name\": \"middle\",\n"
-			+ "   \"address\": \"address\",\n"
-			+ "   \"email\": \"[email protected]\"\n"
-			+ "}\n";
+				+ "   \"id\": \"user1\",\n"
+				+ "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n"
+				+ "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n"
+				+ "   \"email\": \"[email protected]\"\n"
+				+ "}\n";
 		// @formatter:on
 		enqueueApplicationJsonBody(userInfoResponse);
 		OAuth2User user = this.userService.loadUser(oauth2UserRequest()).block();
@@ -213,13 +213,13 @@ public void loadUserWhenAuthenticationMethodHeaderSuccessResponseThenHttpMethodG
 		this.clientRegistration.userInfoAuthenticationMethod(AuthenticationMethod.HEADER);
 		// @formatter:off
 		String userInfoResponse = "{\n"
-			+ "   \"id\": \"user1\",\n"
-			+ "   \"first-name\": \"first\",\n"
-			+ "   \"last-name\": \"last\",\n"
-			+ "   \"middle-name\": \"middle\",\n"
-			+ "   \"address\": \"address\",\n"
-			+ "   \"email\": \"[email protected]\"\n"
-			+ "}\n";
+				+ "   \"id\": \"user1\",\n"
+				+ "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n"
+				+ "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n"
+				+ "   \"email\": \"[email protected]\"\n"
+				+ "}\n";
 		// @formatter:on
 		enqueueApplicationJsonBody(userInfoResponse);
 		this.userService.loadUser(oauth2UserRequest()).block();
@@ -236,13 +236,13 @@ public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPos
 		this.clientRegistration.userInfoAuthenticationMethod(AuthenticationMethod.FORM);
 		// @formatter:off
 		String userInfoResponse = "{\n"
-			+ "   \"id\": \"user1\",\n"
-			+ "   \"first-name\": \"first\",\n"
-			+ "   \"last-name\": \"last\",\n"
-			+ "   \"middle-name\": \"middle\",\n"
-			+ "   \"address\": \"address\",\n"
-			+ "   \"email\": \"[email protected]\"\n"
-			+ "}\n";
+				+ "   \"id\": \"user1\",\n"
+				+ "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n"
+				+ "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n"
+				+ "   \"email\": \"[email protected]\"\n"
+				+ "}\n";
 		// @formatter:on
 		enqueueApplicationJsonBody(userInfoResponse);
 		this.userService.loadUser(oauth2UserRequest()).block();
@@ -257,12 +257,12 @@ public void loadUserWhenAuthenticationMethodFormSuccessResponseThenHttpMethodPos
 	public void loadUserWhenUserInfoSuccessResponseInvalidThenThrowOAuth2AuthenticationException() {
 		// @formatter:off
 		String userInfoResponse = "{\n"
-			+ "	\"id\": \"user1\",\n"
-			+ "   \"first-name\": \"first\",\n"
-			+ "   \"last-name\": \"last\",\n"
-			+ "   \"middle-name\": \"middle\",\n"
-			+ "   \"address\": \"address\",\n"
-			+ "   \"email\": \"[email protected]\"\n";
+				+ "	\"id\": \"user1\",\n"
+				+ "   \"first-name\": \"first\",\n"
+				+ "   \"last-name\": \"last\",\n"
+				+ "   \"middle-name\": \"middle\",\n"
+				+ "   \"address\": \"address\",\n"
+				+ "   \"email\": \"[email protected]\"\n";
 		// "}\n"; // Make the JSON invalid/malformed
 		// @formatter:on
 		enqueueApplicationJsonBody(userInfoResponse);