Add functionality to set custom web client in ReactiveOidcIdTokenDecoderFactory and that custom web client ultimately is used by NimbusReactiveJwtDecoder (spring-projectsgh-13274)

- resolve feedbacks
- added a couple of unit tests

Author: ubaid4j

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -59,6 +59,7 @@
  * @author Joe Grandja
  * @author Rafael Dominguez
  * @author Mark Heckler
+ * @author Ubaid ur Rehman
  * @since 5.2
  * @see ReactiveJwtDecoderFactory
  * @see ClientRegistration
@@ -90,7 +91,8 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = (
 			clientRegistration) -> DEFAULT_CLAIM_TYPE_CONVERTER;
 
-	private WebClient webClient = WebClient.create();
+	private Function<ClientRegistration, WebClient> webClientResolver = (clientRegistration) -> WebClient.create();
+
 	/**
 	 * Returns the default {@link Converter}'s used for type conversion of claim values
 	 * for an {@link OidcIdToken}.
@@ -166,8 +168,7 @@ private NimbusReactiveJwtDecoder buildDecoder(ClientRegistration clientRegistrat
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
 			return NimbusReactiveJwtDecoder.withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm)
-					.webClient(webClient)
-					.build();
+					.webClient(this.webClientResolver.apply(clientRegistration)).build();
 		}
 		if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
 			// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
@@ -243,14 +244,16 @@ public void setClaimTypeConverterFactory(
 	}
 
 	/**
-	 * Sets the custom web client that will be used in {@link NimbusReactiveJwtDecoder}.
-	 * The default webClient is created by {@code WebClient.create()}.
-	 * This is optional method if we need to set custom web client in {@link NimbusReactiveJwtDecoder}.
-	 *
-	 * @param webClient webclient
+	 * Sets the resolver that provides the {@link WebClient} that will be used in
+	 * {@link NimbusReactiveJwtDecoder}. The default resolver provides {@link WebClient}
+	 * that is created by {@code WebClient.create()}. This is optional method if we need
+	 * to set custom web client in {@link NimbusReactiveJwtDecoder}.
+	 * @param webClientResolver a function that will provide {@link WebClient} for a
+	 * {@link ClientRegistration}
 	 */
-	public void setWebClient(WebClient webClient) {
-		this.webClient = webClient;
+	public void setWebClientResolver(Function<ClientRegistration, WebClient> webClientResolver) {
+		Assert.notNull(webClientResolver, "webClientResolver cannot be null");
+		this.webClientResolver = webClientResolver;
 	}
 
 }

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,6 +34,7 @@
 import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.web.reactive.function.client.WebClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -46,6 +47,7 @@
 /**
  * @author Joe Grandja
  * @author Rafael Dominguez
+ * @author Ubaid ur Rehman
  * @since 5.2
  */
 public class ReactiveOidcIdTokenDecoderFactoryTests {
@@ -94,6 +96,11 @@ public void setClaimTypeConverterFactoryWhenNullThenThrowIllegalArgumentExceptio
 				.isThrownBy(() -> this.idTokenDecoderFactory.setClaimTypeConverterFactory(null));
 	}
 
+	@Test
+	public void setWebClientResolverWhenNullThenThrowIllegalArgumentException() {
+		assertThatIllegalArgumentException().isThrownBy(() -> this.idTokenDecoderFactory.setWebClientResolver(null));
+	}
+
 	@Test
 	public void createDecoderWhenClientRegistrationNullThenThrowIllegalArgumentException() {
 		assertThatIllegalArgumentException().isThrownBy(() -> this.idTokenDecoderFactory.createDecoder(null));
@@ -177,4 +184,15 @@ public void createDecoderWhenCustomClaimTypeConverterFactorySetThenApplied() {
 		verify(customClaimTypeConverterFactory).apply(same(clientRegistration));
 	}
 
+	@Test
+	public void createDecoderWhenCustomWebClientResolverSetThenApplied() {
+		WebClient webClient = mock(WebClient.class);
+		Function<ClientRegistration, WebClient> customWebClientResolver = mock(Function.class);
+		this.idTokenDecoderFactory.setWebClientResolver(customWebClientResolver);
+		ClientRegistration clientRegistration = this.registration.build();
+		given(customWebClientResolver.apply(clientRegistration)).willReturn(webClient);
+		this.idTokenDecoderFactory.createDecoder(clientRegistration);
+		verify(customWebClientResolver).apply(same(clientRegistration));
+	}
+
 }