Skip to content

Refactor oauth2-resource-server deprecated calls#18500

Closed
paulvas wants to merge 1 commit into
spring-projects:7.0.xfrom
paulvas:fix/oauth2-resource-server-deprecated-calls
Closed

Refactor oauth2-resource-server deprecated calls#18500
paulvas wants to merge 1 commit into
spring-projects:7.0.xfrom
paulvas:fix/oauth2-resource-server-deprecated-calls

Conversation

@paulvas

@paulvas paulvas commented Jan 15, 2026

Copy link
Copy Markdown
Contributor

This pull request refactors tests for both SpringOpaqueTokenIntrospector and SpringReactiveOpaqueTokenIntrospector to use their new builder APIs instead of direct constructors. It also updates tests to reflect changes in how client credentials encoding is handled, ensuring that special characters are now supported. Additionally, the tests for constructor argument validation have been updated for consistency with the new builder pattern.

Builder API migration:

  • Replaced direct constructor calls with the new builder pattern (withIntrospectionUri, clientId, clientSecret, build) in all relevant test cases for both SpringOpaqueTokenIntrospector and SpringReactiveOpaqueTokenIntrospector. [1] [2] [3] [4]

Constructor validation updates:

  • Updated tests for null/empty constructor arguments to use the builder API, and changed one test to validate null instead of empty string for clientId in the reactive introspector. [1] [2]

Client credentials encoding changes:

  • Removed tests that expected failures when client credentials contained special characters, and updated them to expect successful authentication and correct attribute mapping, reflecting improved support for special characters in credentials. [1] [2] [3]

@paulvas
Refactor SpringOpaqueTokenIntrospector and SpringReactiveOpaqueTokenI…
d3379fa 
…ntrospector to use builder pattern for instantiation

Closes spring-projectsgh-18436
Signed-off-by: paulvas <paulvas@gmail.com>
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jan 15, 2026
@rwinch

rwinch commented Jan 21, 2026

Copy link
Copy Markdown
Member

Thank you for the pull request, but we need to keep testing methods even if they are using deprecated methods within Spring Security (we still want to test deprecated methods). I've added additional guidance around this to the parent issue:

Tests need to continue testing deprecated methods and thus can have suppress added along with new tests with the replacement method (if it doesn't exist)

With this in mind, I'm closing this pull request. However, if you are able to help out with the new guidance I'd love to see a new pull request!

@rwinch rwinch closed this Jan 21, 2026
@rwinch rwinch self-assigned this Jan 21, 2026
@rwinch rwinch added status: declined A suggestion or change that we don't feel we should currently apply in: build An issue in the build in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@rwinch rwinch

Labels

in: build An issue in the build in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: declined A suggestion or change that we don't feel we should currently apply

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@paulvas @rwinch @spring-projects-issues