-
Notifications
You must be signed in to change notification settings - Fork 5.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reactive Security OAuth2 client doesn't propagate traces and baggage's in Spring Boot 3 #14946
Comments
Thanks for the report @DaceKonn! I'm not sure I agree with classifying this as a bug, and instead feel this might make a good enhancement request. I don't find anywhere in the docs that we state the OAuth2 Client features support downstream propagation. Do you find anything like that? Note that you will easily be able to configure a custom |
Thanks, @sjohnr, for taking it into consideration. |
@sjohnr Thank you for your response. I might have classified this as bug since "it worked previously" - which is an error on my side. As you stated, you didn't put in the documents any statement that OAuth2 Client supports downstream propagation. I'm a bit worried how I missed the setWebClient method, but still the required Security Config wouldn't be accepted - too much to override to change one client. The 6.3 example looks a bit better. I know that in my team it will be still frowned upon because of too many beans needing to be declared - but it is much clearer than the "6.3 prior" approach. Thanks again for your feedback. |
Describe the bug
The current version of Reactive OAuth Security doesn't follow all Observability documentation recommendations, therefore it doesn't propagate trace and baggage's over network. See: Docs Spring.io - 8.4. Propagating Traces
Class example:
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java
Where
WebClient.Builder()
is used statically - therefore it has NOOPObservationRegistry
and doesn't register Request Observations, and doesn't allow propagating traces (for example B3 Brave Zipkin Baggage's propagation).To Reproduce
Creating Reactive OAuth client and trying to send traces and baggage's to authentication server.
Expected behavior
OAuth calls from client to server in Reactive Security and Spring Boot 3 start proper request observations and propagate baggage's.
The text was updated successfully, but these errors were encountered: