PrincipalExtractor and AuthoritiesExtractor are not getting called

Question

I have a simple OAuth2 application. I started off by creating a SecurityConfig extending WebSecurityConfigurerAdapter and annotated with @EnableOAuth2Sso. I\'ve created an A

Answer 1

I struggled with this for a while. The reason why my AuthoritiesExtractor bean isn't called is because newer version of Spring do not use spring oauth2 autoconfigure and AuthoritiesExtractor is the oauth2 autoconfigure way to overwrite role mapping.

In current versions of spring-security you can use the delegation-based strategy with OAuth2UserService. The sample in the documentation should be enough to get you going. I'm using Kotlin, so my sample probably won't work for you.

There is also the GrantedAuthoritiesMapper which should be closer to the AuthoritiesExtractor method.