Describe the bug
During application startup RefreshTokenOAuth2AuthorizedClientProvider is created by org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration.OAuth2AuthorizedClientManagerRegistrar#getRefreshTokenAuthorizedClientProvider
and because of
|
private OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient = new RestClientRefreshTokenTokenResponseClient(); |
it requires quite some time (300ms; ~3% of my application startup time is spent there) to initialize because it creates a HttpClient:
Currently it's not possible in any way to disable this behavior because
- There is no constructor of
RefreshTokenOAuth2AuthorizedClientProvider that leaves accessTokenResponseClient empty
- The classes can't be overriden/proxied because they are all declared
final
- I'm not sure why this is the case because
OAuth2AuthorizedClientManagerRegistrar#getAuthorizedClientProviderByType checks for subclasses of this type which is impossible when they have been declared final
To Reproduce
N/A see code above
Expected behavior
- Create a constructor of
RefreshTokenOAuth2AuthorizedClientProvider that does not initialize accessTokenResponseClient
- Make
RefreshTokenOAuth2AuthorizedClientProvider not final so that users can provide their custom implementations. This should be done for all classes that implement OAuth2AuthorizedClientProvider
- Maybe initialize the default
RestClientRefreshTokenTokenResponseClient on a background thread if available to not slow down the application start
Sample
Already described above
Describe the bug
During application startup
RefreshTokenOAuth2AuthorizedClientProvideris created byorg.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration.OAuth2AuthorizedClientManagerRegistrar#getRefreshTokenAuthorizedClientProviderand because of
spring-security/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/RefreshTokenOAuth2AuthorizedClientProvider.java
Line 53 in 9161ece
it requires quite some time (300ms; ~3% of my application startup time is spent there) to initialize because it creates a HttpClient:
Currently it's not possible in any way to disable this behavior because
RefreshTokenOAuth2AuthorizedClientProviderthat leavesaccessTokenResponseClientemptyfinalOAuth2AuthorizedClientManagerRegistrar#getAuthorizedClientProviderByTypechecks for subclasses of this type which is impossible when they have been declaredfinalTo Reproduce
N/A see code above
Expected behavior
RefreshTokenOAuth2AuthorizedClientProviderthat does not initializeaccessTokenResponseClientRefreshTokenOAuth2AuthorizedClientProvidernot final so that users can provide their custom implementations. This should be done for all classes that implementOAuth2AuthorizedClientProviderRestClientRefreshTokenTokenResponseClienton a background thread if available to not slow down the application startSample
Already described above