[Spring] Add clientRegistrationId option for OAuth2 HTTP Interface (#22726)

* feat(spring): Add @ClientRegistrationId support for Spring HTTP Interface

Add support for the @ClientRegistrationId annotation in Spring HTTP Interface
generated clients to enable OAuth2 authentication integration with Spring Security.

Changes:
- Add new clientRegistrationId configuration option in SpringCodegen
- Update api.mustache template to include @ClientRegistrationId annotation
- Add import for org.springframework.security.oauth2.client.annotation.ClientRegistrationId
- Process clientRegistrationId in postProcessOperationsWithModels
- Add sample configuration and example output

The @ClientRegistrationId annotation automatically associates OAuth2 tokens
with HTTP requests when using Spring Security 7.0+ HTTP Service Client integration.

Usage:
  openapi-generator-cli generate -g spring \
    --library spring-http-interface \
    --additional-properties clientRegistrationId=my-oauth-client \
    -i spec.yaml -o ./output

Related documentation:
https://docs.spring.io/spring-security/reference/features/integrations/rest/http-service-client.html

* refactor: Move @ClientRegistrationId annotation to class level

Move the @ClientRegistrationId annotation from individual methods to the
interface class level, following Spring Security's recommended practice.

Changes:
- Update api.mustache to place annotation on interface declaration
- Modify SpringCodegen to set clientRegistrationId on operations map
- Update sample code to show class-level annotation
- Update README with improved example and explanation

This approach is cleaner and avoids repeating the annotation on every method,
as recommended in Spring Security documentation.

* test(spring): Add unit tests for clientRegistrationId option

Add tests to verify:
- @ClientRegistrationId annotation is generated when option is set
- Annotation is not present when option is not configured

Also regenerate complete samples for spring-http-interface-oauth config.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: Add OAuth2 configuration example to README

- Add README.md to .openapi-generator-ignore to preserve custom docs
- Include proper OAuth2ClientHttpRequestInterceptor configuration example
- Document Spring Boot 3.5+ / Spring Security 6.5+ requirements

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* ci: Retrigger CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore: Regenerate samples and docs after rebase on master

Make the spring-http-interface-oauth sample fully generator-driven
instead of hand-patching its pom:
- pom-sb3/sb4.mustache: emit spring-boot-starter-oauth2-client when
  clientRegistrationId is set
- spring-http-interface-oauth.yaml: set parent to Spring Boot 3.5.0
  (required by @ClientRegistrationId / Spring Security 6.5+)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs: update java-camel generator options

* chore: refresh spring http interface oauth sample

* fix: require Spring Boot 4 for client registration id

---------

Co-authored-by: Claude <noreply@anthropic.com>

Author: ng-galien

bin/configs/spring-http-interface-oauth.yaml

@@ -0,0 +1,15 @@
+generatorName: spring
+library: spring-http-interface
+outputDir: samples/client/petstore/spring-http-interface-oauth
+inputSpec: modules/openapi-generator/src/test/resources/3_0/spring/petstore-with-fake-endpoints-models-for-testing.yaml
+templateDir: modules/openapi-generator/src/main/resources/JavaSpring
+additionalProperties:
+  artifactId: spring-http-interface-oauth
+  snapshotVersion: "true"
+  hideGenerationTimestamp: "true"
+  modelNameSuffix: 'Dto'
+  generatedConstructorWithRequiredArgs: "false"
+  clientRegistrationId: "petstore-oauth"
+  useSpringBoot4: "true"
+  useJackson3: true
+  openApiNullable: false

docs/generators/java-camel.md

@@ -43,6 +43,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 |camelSecurityDefinitions|generate camel security definitions| |true|
 |camelUseDefaultValidationErrorProcessor|generate default validation error processor| |true|
 |camelValidationErrorProcessor|validation error processor bean name| |validationErrorProcessor|
+|clientRegistrationId|Client registration ID for OAuth2 in Spring HTTP Interface (@ClientRegistrationId annotation). Requires library=spring-http-interface and useSpringBoot4=true (Spring Security 7).| |null|
 |configPackage|configuration package for generated code| |org.openapitools.configuration|
 |containerDefaultToNull|Set containers (array, set, map) default to null| |false|
 |dateLibrary|Option. Date library to use|<dl><dt>**joda**</dt><dd>Joda (for legacy app only)</dd><dt>**legacy**</dt><dd>Legacy java.util.Date</dd><dt>**java8-localdatetime**</dt><dd>Java 8 using LocalDateTime (for legacy app only)</dd><dt>**java8**</dt><dd>Java 8 native JSR310 (preferred for jdk 1.8+)</dd></dl>|java8|

docs/generators/spring.md

@@ -36,6 +36,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 |bigDecimalAsString|Treat BigDecimal values as Strings to avoid precision loss.| |false|
 |booleanGetterPrefix|Set booleanGetterPrefix| |get|
 |camelCaseDollarSign|Fix camelCase when starting with $ sign. when true : $Value when false : $value| |false|
+|clientRegistrationId|Client registration ID for OAuth2 in Spring HTTP Interface (@ClientRegistrationId annotation). Requires library=spring-http-interface and useSpringBoot4=true (Spring Security 7).| |null|
 |configPackage|configuration package for generated code| |org.openapitools.configuration|
 |containerDefaultToNull|Set containers (array, set, map) default to null| |false|
 |dateLibrary|Option. Date library to use|<dl><dt>**joda**</dt><dd>Joda (for legacy app only)</dd><dt>**legacy**</dt><dd>Legacy java.util.Date</dd><dt>**java8-localdatetime**</dt><dd>Java 8 using LocalDateTime (for legacy app only)</dd><dt>**java8**</dt><dd>Java 8 native JSR310 (preferred for jdk 1.8+)</dd></dl>|java8|

modules/openapi-generator/src/main/java/org/openapitools/codegen/languages/SpringCodegen.java

@@ -122,6 +122,7 @@ public class SpringCodegen extends AbstractJavaCodegen
     public static final String GENERATE_SORT_VALIDATION = "generateSortValidation";
     public static final String GENERATE_PAGEABLE_CONSTRAINT_VALIDATION = "generatePageableConstraintValidation";
     public static final String SUBSTITUTE_GENERIC_PAGED_MODEL = "substituteGenericPagedModel";
+    public static final String CLIENT_REGISTRATION_ID = "clientRegistrationId";
 
     @Getter
     public enum RequestMappingMode {
@@ -196,6 +197,8 @@ public enum RequestMappingMode {
     @Setter protected boolean generateSortValidation = false;
     @Setter protected boolean generatePageableConstraintValidation = false;
     @Setter protected boolean substituteGenericPagedModel = false;
+    @Getter @Setter
+    protected String clientRegistrationId = null;
 
     // Map from operationId to allowed sort values for @ValidSort annotation generation
     private Map<String, List<String>> sortValidationEnums = new HashMap<>();
@@ -344,6 +347,7 @@ public SpringCodegen() {
             .defaultValue("false")
         );
         cliOptions.add(CliOption.newBoolean(USE_JSPECIFY, "Use Jspecify for null checks", useJspecify));
+        cliOptions.add(CliOption.newString(CLIENT_REGISTRATION_ID, "Client registration ID for OAuth2 in Spring HTTP Interface (@ClientRegistrationId annotation). Requires library=spring-http-interface and useSpringBoot4=true (Spring Security 7)."));
         supportedLibraries.put(SPRING_BOOT, "Spring-boot Server application.");
         supportedLibraries.put(SPRING_CLOUD_LIBRARY,
                 "Spring-Cloud-Feign client with Spring-Boot auto-configured settings.");
@@ -566,6 +570,7 @@ public void processOpts() {
         convertPropertyToBooleanAndWriteBack(OPTIONAL_ACCEPT_NULLABLE, this::setOptionalAcceptNullable);
         convertPropertyToBooleanAndWriteBack(USE_SPRING_BUILT_IN_VALIDATION, this::setUseSpringBuiltInValidation);
         convertPropertyToBooleanAndWriteBack(CodegenConstants.USE_DEDUCTION_FOR_ONE_OF_INTERFACES, this::setUseDeductionForOneOfInterfaces);
+        convertPropertyToStringAndWriteBack(CLIENT_REGISTRATION_ID, this::setClientRegistrationId);
 
         additionalProperties.put("springHttpStatus", new SpringHttpStatusLambda());
 
@@ -577,6 +582,14 @@ public void processOpts() {
         if (isUseSpringBoot4()) {
             setUseSpringBoot3(false);
         }
+        if (isNotEmpty(clientRegistrationId)) {
+            if (!SPRING_HTTP_INTERFACE.equals(library)) {
+                throw new IllegalArgumentException(CLIENT_REGISTRATION_ID + " is only supported with the " + SPRING_HTTP_INTERFACE + " library");
+            }
+            if (!isUseSpringBoot4()) {
+                throw new IllegalArgumentException(CLIENT_REGISTRATION_ID + " requires " + USE_SPRING_BOOT4 + "=true because @ClientRegistrationId is provided by Spring Security 7");
+            }
+        }
 
         if (isUseSpringBoot3() || isUseSpringBoot4()) {
             if (AnnotationLibrary.SWAGGER1.equals(getAnnotationLibrary())) {
@@ -1012,6 +1025,11 @@ public void setIsVoid(boolean isVoid) {
             // But use a sensible tag name if there is none
             objs.put("tagName", "default".equals(firstTagName) ? firstOperation.baseName : firstTagName);
             objs.put("tagDescription", escapeText(firstTag.getDescription()));
+
+            // Add clientRegistrationId for spring-http-interface with OAuth
+            if (SPRING_HTTP_INTERFACE.equals(library) && clientRegistrationId != null && !clientRegistrationId.isEmpty()) {
+                operations.put("clientRegistrationId", clientRegistrationId);
+            }
         }
 
         removeImport(objs, "java.util.List");

modules/openapi-generator/src/main/resources/JavaSpring/libraries/spring-http-interface/api.mustache

@@ -15,6 +15,9 @@ import org.springframework.http.ResponseEntity;
 {{/useResponseEntity}}
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.service.annotation.*;
+{{#clientRegistrationId}}
+import org.springframework.security.oauth2.client.annotation.ClientRegistrationId;
+{{/clientRegistrationId}}
 import org.springframework.web.multipart.MultipartFile;
 {{#useBeanValidation}}
 import {{javaxPackage}}.validation.Valid;
@@ -38,6 +41,9 @@ import {{javaxPackage}}.annotation.Generated;
 {{>generatedAnnotation}}
 
 {{#operations}}
+{{#clientRegistrationId}}
+@ClientRegistrationId("{{clientRegistrationId}}")
+{{/clientRegistrationId}}
 public interface {{classname}} {
 {{#operation}}
 

modules/openapi-generator/src/main/resources/JavaSpring/libraries/spring-http-interface/pom-sb4.mustache

@@ -112,6 +112,12 @@
             <artifactId>spring-boot-starter-validation</artifactId>
         </dependency>
         {{/performBeanValidation}}{{/useBeanValidation}}
+        {{#clientRegistrationId}}
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>
+        {{/clientRegistrationId}}
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-{{#reactive}}web{{/reactive}}{{^reactive}}rest{{/reactive}}client-test</artifactId>

modules/openapi-generator/src/test/java/org/openapitools/codegen/java/spring/SpringCodegenTest.java

@@ -6584,6 +6584,83 @@ public void shouldAddNullableImportForArrayTypeModels() throws IOException {
                 .hasImports("org.springframework.lang.Nullable");
     }
 
+    @Test
+    public void testClientRegistrationIdAnnotation() throws IOException {
+        final SpringCodegen codegen = new SpringCodegen();
+        codegen.setLibrary("spring-http-interface");
+        codegen.setUseSpringBoot4(true);
+        codegen.setClientRegistrationId("my-oauth-client");
+
+        final Map<String, File> files = generateFiles(codegen, "src/test/resources/3_0/petstore.yaml");
+
+        // Check that the @ClientRegistrationId annotation is generated at class level
+        JavaFileAssert.assertThat(files.get("PetApi.java"))
+                .hasImports("org.springframework.security.oauth2.client.annotation.ClientRegistrationId")
+                .assertTypeAnnotations()
+                .containsWithNameAndAttributes("ClientRegistrationId", ImmutableMap.of("value", "\"my-oauth-client\""));
+    }
+
+    @Test
+    public void testClientRegistrationIdAnnotationNotPresentWhenNotConfigured() throws IOException {
+        final SpringCodegen codegen = new SpringCodegen();
+        codegen.setLibrary("spring-http-interface");
+        codegen.setUseSpringBoot4(true);
+        // clientRegistrationId not set
+
+        final Map<String, File> files = generateFiles(codegen, "src/test/resources/3_0/petstore.yaml");
+
+        // Check that the @ClientRegistrationId annotation is NOT generated
+        assertFileNotContains(files.get("PetApi.java").toPath(), "@ClientRegistrationId", "ClientRegistrationId");
+    }
+
+    @Test
+    public void shouldRefuseClientRegistrationIdWithoutSpringBoot4() throws IOException {
+        File output = Files.createTempDirectory("test").toFile().getCanonicalFile();
+        output.deleteOnExit();
+
+        final OpenAPI openAPI = TestUtils.parseFlattenSpec("src/test/resources/3_0/petstore.yaml");
+        final SpringCodegen codegen = new SpringCodegen();
+        codegen.setOpenAPI(openAPI);
+        codegen.setOutputDir(output.getAbsolutePath());
+        codegen.setLibrary("spring-http-interface");
+        codegen.setClientRegistrationId("my-oauth-client");
+
+        ClientOptInput input = new ClientOptInput();
+        input.openAPI(openAPI);
+        input.config(codegen);
+
+        Generator generator = new DefaultGenerator()
+                .opts(input);
+
+        Assertions.assertThatExceptionOfType(IllegalArgumentException.class)
+                .isThrownBy(generator::generate)
+                .withMessageContaining(SpringCodegen.USE_SPRING_BOOT4);
+    }
+
+    @Test
+    public void shouldRefuseClientRegistrationIdOutsideSpringHttpInterface() throws IOException {
+        File output = Files.createTempDirectory("test").toFile().getCanonicalFile();
+        output.deleteOnExit();
+
+        final OpenAPI openAPI = TestUtils.parseFlattenSpec("src/test/resources/3_0/petstore.yaml");
+        final SpringCodegen codegen = new SpringCodegen();
+        codegen.setOpenAPI(openAPI);
+        codegen.setOutputDir(output.getAbsolutePath());
+        codegen.setUseSpringBoot4(true);
+        codegen.setClientRegistrationId("my-oauth-client");
+
+        ClientOptInput input = new ClientOptInput();
+        input.openAPI(openAPI);
+        input.config(codegen);
+
+        Generator generator = new DefaultGenerator()
+                .opts(input);
+
+        Assertions.assertThatExceptionOfType(IllegalArgumentException.class)
+                .isThrownBy(generator::generate)
+                .withMessageContaining("spring-http-interface");
+    }
+
     @Test
     public void shouldRefuseJackson3WithoutSpringboot4() throws IOException {
         File output = Files.createTempDirectory("test").toFile().getCanonicalFile();

samples/client/petstore/spring-http-interface-oauth/.openapi-generator-ignore

@@ -0,0 +1,26 @@
+# OpenAPI Generator Ignore
+# Generated by openapi-generator https://github.com/openapitools/openapi-generator
+
+# Use this file to prevent files from being overwritten by the generator.
+# The patterns follow closely to .gitignore or .dockerignore.
+
+# As an example, the C# client generator defines ApiClient.cs.
+# You can make changes and tell OpenAPI Generator to ignore just this file by uncommenting the following line:
+#ApiClient.cs
+
+# You can match any string of characters against a directory, file or extension with a single asterisk (*):
+#foo/*/qux
+# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux
+
+# You can recursively match patterns against a directory, file or extension with a double asterisk (**):
+#foo/**/qux
+# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux
+
+# You can also negate patterns with an exclamation (!).
+# For example, you can ignore all files in a docs folder with the file extension .md:
+#docs/*.md
+# Then explicitly reverse the ignore rule for a single file:
+#!docs/README.md
+
+# Preserve custom OAuth2 documentation
+README.md

samples/client/petstore/spring-http-interface-oauth/.openapi-generator/FILES

@@ -0,0 +1,58 @@
+pom.xml
+src/main/java/org/openapitools/api/AnotherFakeApi.java
+src/main/java/org/openapitools/api/FakeApi.java
+src/main/java/org/openapitools/api/FakeClassnameTags123Api.java
+src/main/java/org/openapitools/api/PetApi.java
+src/main/java/org/openapitools/api/StoreApi.java
+src/main/java/org/openapitools/api/UserApi.java
+src/main/java/org/openapitools/configuration/HttpInterfacesAbstractConfigurator.java
+src/main/java/org/openapitools/model/AdditionalPropertiesAnyTypeDto.java
+src/main/java/org/openapitools/model/AdditionalPropertiesArrayDto.java
+src/main/java/org/openapitools/model/AdditionalPropertiesBooleanDto.java
+src/main/java/org/openapitools/model/AdditionalPropertiesClassDto.java
+src/main/java/org/openapitools/model/AdditionalPropertiesIntegerDto.java
+src/main/java/org/openapitools/model/AdditionalPropertiesNumberDto.java
+src/main/java/org/openapitools/model/AdditionalPropertiesObjectDto.java
+src/main/java/org/openapitools/model/AdditionalPropertiesStringDto.java
+src/main/java/org/openapitools/model/AnimalDto.java
+src/main/java/org/openapitools/model/ApiResponseDto.java
+src/main/java/org/openapitools/model/ArrayOfArrayOfNumberOnlyDto.java
+src/main/java/org/openapitools/model/ArrayOfNumberOnlyDto.java
+src/main/java/org/openapitools/model/ArrayTestDto.java
+src/main/java/org/openapitools/model/BigCatDto.java
+src/main/java/org/openapitools/model/CapitalizationDto.java
+src/main/java/org/openapitools/model/CatDto.java
+src/main/java/org/openapitools/model/CategoryDto.java
+src/main/java/org/openapitools/model/ChildWithNullableDto.java
+src/main/java/org/openapitools/model/ClassModelDto.java
+src/main/java/org/openapitools/model/ClientDto.java
+src/main/java/org/openapitools/model/ContainerDefaultValueDto.java
+src/main/java/org/openapitools/model/DogDto.java
+src/main/java/org/openapitools/model/EnumArraysDto.java
+src/main/java/org/openapitools/model/EnumClassDto.java
+src/main/java/org/openapitools/model/EnumTestDto.java
+src/main/java/org/openapitools/model/FileDto.java
+src/main/java/org/openapitools/model/FileSchemaTestClassDto.java
+src/main/java/org/openapitools/model/FormatTestDto.java
+src/main/java/org/openapitools/model/HasOnlyReadOnlyDto.java
+src/main/java/org/openapitools/model/ListDto.java
+src/main/java/org/openapitools/model/MapTestDto.java
+src/main/java/org/openapitools/model/MixedPropertiesAndAdditionalPropertiesClassDto.java
+src/main/java/org/openapitools/model/Model200ResponseDto.java
+src/main/java/org/openapitools/model/NameDto.java
+src/main/java/org/openapitools/model/NullableMapPropertyDto.java
+src/main/java/org/openapitools/model/NumberOnlyDto.java
+src/main/java/org/openapitools/model/OrderDto.java
+src/main/java/org/openapitools/model/OuterCompositeDto.java
+src/main/java/org/openapitools/model/OuterEnumDto.java
+src/main/java/org/openapitools/model/ParentWithNullableDto.java
+src/main/java/org/openapitools/model/PetDto.java
+src/main/java/org/openapitools/model/ReadOnlyFirstDto.java
+src/main/java/org/openapitools/model/ResponseObjectWithDifferentFieldNamesDto.java
+src/main/java/org/openapitools/model/ReturnDto.java
+src/main/java/org/openapitools/model/SpecialModelNameDto.java
+src/main/java/org/openapitools/model/TagDto.java
+src/main/java/org/openapitools/model/TypeHolderDefaultDto.java
+src/main/java/org/openapitools/model/TypeHolderExampleDto.java
+src/main/java/org/openapitools/model/UserDto.java
+src/main/java/org/openapitools/model/XmlItemDto.java

samples/client/petstore/spring-http-interface-oauth/.openapi-generator/VERSION

@@ -0,0 +1 @@
+7.23.0-SNAPSHOT