spring-bootoauth-2.0spring-security-oauth2spring-webclientclientcredential

How to make spring webclient follow redirect with access token/authorization header?


We are using spring boot 2.4.5 with webflux and calling a service with client credentials grant type. What we noticed is that webclient is not following redirects.

How can we enable webclient to follow redirects where it can continue passing access token until it get the http 200?

Adding following code snippet does not pass the access token to redirected url and it is returning 401.

 WebClient.builder()
                .clientConnector(new ReactorClientHttpConnector(
                        HttpClient.create().followRedirect(true)
                ))

Solution

  • The sensitive headers like the Authorization are removed from the initialized request when redirecting to a different domain.

    You can use the following variant of followRedirect(boolean):

    followRedirect(boolean followRedirect, Consumer<HttpClientRequest> redirectRequestConsumer)
    

    In order to re-add the Authorization header using redirectRequestConsumer.

    For more details see the Javadoc here and Reactor Netty documentation here.