Configuring Spring OpenFeign for OAuth2 with Service-Specific Client Registrations Ignoring URL Hostname


I'm working on a Spring Boot application that makes calls to multiple microservices running on different ports but under the same host (localhost) using Spring OpenFeign. These services are:

  - Service A on http://localhost:8081
  - Service B on http://localhost:8082
  - Service C on http://localhost:8083

Each service requires its own OAuth2 client credentials for secure communication. I've configured client credentials for each service in my application.yml under spring.security.oauth2.client.registration and provider sections, using the ports as part of the client registration keys.

However, I encounter the following issue during runtime:

Could not find ClientRegistration with id 'localhost'

It seems Spring Security is trying to resolve the OAuth2 client registration based on the hostname (localhost) rather than considering the entire URL including the port.

Question:

Is there a way within Spring Security OAuth2 or OpenFeign to specify a custom name or identifier for OAuth2 client registration that is independent of the URL's host? Ideally, I'd like OpenFeign to use a service-specific identifier (e.g., serviceA, serviceB, serviceC) that could directly match the configured client registrations, regardless of the URL being called.

What I've tried:

  1. Naming client registrations with ports (e.g., [localhost:8081]) in application.yml, which doesn't work as expected. Here is an example of how I configured one of the client registrations:
spring:
  security:
    oauth2:
      client:
        registration:
          "[localhost:8081]":
            clientId: clientIdA
            clientSecret: clientSecretA
            ...
        provider:
          "[localhost:8081]":
            tokenUri: http://localhost:8081/oauth/token
            ...

However, this approach leads to the error mentioned above as Spring seems to only consider the hostname part (localhost) of the registration key.

  2. Searching the OpenFeign and Spring Security OAuth documentation for a way to map Feign clients to OAuth client registrations by a custom identifier rather than URL.

  3. As a last resort, I tried replacing localhost with different loopback addresses for each service (e.g., 127.0.0.1 for service A, 127.0.0.2 for service B, and 127.0.0.3 for service C) in both the OpenFeign URLs and the OAuth client registrations, hoping it might trick Spring into treating them as distinct registrations. I'm not confident this approach is valid or sustainable, especially considering potential networking and DNS resolution implications:

spring:
  security:
    oauth2:
      client:
        registration:
          127.0.0.1:
            clientId: clientIdA
            clientSecret: clientSecretA
          # Assuming similar configurations for services B and C with their respective loopback IPs

Concerns and Constraints:

Using just localhost for all services won't work since it results in all services mapping to the same OAuth configuration, which is not my intention.

I'm seeking a solution that allows each Feign client to be explicitly associated with its own OAuth2 configuration without relying on URL hostnames, which seem to lead to conflicts.

Additional Context:

  - Spring Boot version: 3.1.2
  - Spring Cloud version: 2022.0.4
  - Spring Cloud starter openfeign: 4.0.4

Any suggestions or guidance on how to achieve this would be greatly appreciated!


There are 0 answers
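
The following is an added example, not part of the original question and not Spring Cloud's own code. Spring Cloud OpenFeign's built-in OAuth2 interceptor falls back to the host segment of the target URL when `spring.cloud.openfeign.oauth2.clientRegistrationId` is not set, which matches the `'localhost'` lookup in the error; one way to bind each Feign client to its own credentials is a per-client `RequestInterceptor` that names the registration explicitly. Assumptions: a registration keyed `serviceA` with the `client_credentials` grant, an `OAuth2AuthorizedClientManager` bean usable outside a servlet request, and the hypothetical names `ServiceAFeignConfig`, `ServiceAClient` and `service-a-feign-client`.

```java
import feign.RequestInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;

// Deliberately NOT annotated with @Configuration: the class is referenced only
// from one @FeignClient, so service A's token is never attached to calls that
// go to service B or C.
public class ServiceAFeignConfig {

    // Assumed registration key, i.e. application.yml contains
    // spring.security.oauth2.client.registration.serviceA with
    // authorization-grant-type: client_credentials and provider: serviceA.
    private static final String REGISTRATION_ID = "serviceA";

    // Assumption: an OAuth2AuthorizedClientManager bean exists, for example an
    // AuthorizedClientServiceOAuth2AuthorizedClientManager for background calls.
    @Bean
    public RequestInterceptor serviceAOAuth2Interceptor(OAuth2AuthorizedClientManager manager) {
        return template -> {
            OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest
                    .withClientRegistrationId(REGISTRATION_ID)
                    // Label under which the token is cached; not a user identity.
                    .principal("service-a-feign-client")
                    .build();

            OAuth2AuthorizedClient authorized = manager.authorize(request);
            if (authorized == null) {
                // Fail closed instead of sending an unauthenticated request.
                throw new IllegalStateException(
                        "No access token for client registration '" + REGISTRATION_ID + "'");
            }

            // Clear any earlier value first so a Feign retry does not send
            // two Authorization headers.
            template.header("Authorization");
            template.header("Authorization",
                    "Bearer " + authorized.getAccessToken().getTokenValue());
        };
    }
}

// Usage on the Feign interface (hypothetical client name):
// @FeignClient(name = "serviceA", url = "http://localhost:8081",
//              configuration = ServiceAFeignConfig.class)
// public interface ServiceAClient { /* request methods */ }
```

Repeat the class for services B and C with their own registration ids, and leave `spring.cloud.openfeign.oauth2.enabled` off so the host-based interceptor does not also run.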