fix: use String instead of enum for AuthMethods

See: #1774

security-oauth2/src/main/java/io/micronaut/security/oauth2/client/DefaultOpenIdClient.java

@@ -23,8 +23,6 @@
 import io.micronaut.security.authentication.Authentication;
 import io.micronaut.security.authentication.AuthenticationResponse;
 import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
-import io.micronaut.security.oauth2.endpoint.AuthenticationMethod;
-import io.micronaut.security.oauth2.endpoint.DefaultSecureEndpoint;
 import io.micronaut.security.oauth2.endpoint.SecureEndpoint;
 import io.micronaut.security.oauth2.endpoint.authorization.request.AuthorizationRedirectHandler;
 import io.micronaut.security.oauth2.endpoint.authorization.request.AuthorizationRequest;
@@ -40,7 +38,6 @@
 import org.slf4j.LoggerFactory;
 import reactor.core.publisher.Flux;
 
-import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.function.Supplier;
@@ -89,7 +86,7 @@ public DefaultOpenIdClient(OauthClientConfiguration clientConfiguration,
         this.authorizationResponseHandler = authorizationResponseHandler;
         this.beanContext = beanContext;
         this.endSessionEndpoint = endSessionEndpoint;
-        this.tokenEndpoint = SupplierUtil.memoized(this::getTokenEndpoint);
+        this.tokenEndpoint = SupplierUtil.memoized(() -> openIdProviderMetadata.get().tokenEndpoint());
     }
 
     @Override
@@ -164,9 +161,10 @@ protected boolean isErrorCallback(ConvertibleMultiValues<String> responseData) {
 
     /**
      * @return The token endpoint
+     * @deprecated Not used.
      */
+    @Deprecated(forRemoval = true)
     protected SecureEndpoint getTokenEndpoint() {
-        Optional<List<AuthenticationMethod>> authMethodsSupported = openIdProviderMetadata.get().getTokenEndpointAuthMethods();
-        return new DefaultSecureEndpoint(openIdProviderMetadata.get().getTokenEndpoint(), authMethodsSupported.orElse(null));
+        return openIdProviderMetadata.get().tokenEndpoint();
     }
 }

security-oauth2/src/main/java/io/micronaut/security/oauth2/client/OpenIdClientFactory.java

@@ -128,11 +128,11 @@ private void overrideFromConfig(DefaultOpenIdProviderMetadata configuration,
 
         oauthClientConfiguration.getIntrospection().ifPresent(introspection -> {
             introspection.getUrl().ifPresent(configuration::setIntrospectionEndpoint);
-            introspection.getAuthMethod().ifPresent(authMethod -> configuration.setIntrospectionEndpointAuthMethodsSupported(Collections.singletonList(authMethod.toString())));
+            introspection.getAuthenticationMethod().ifPresent(authMethod -> configuration.setIntrospectionEndpointAuthMethodsSupported(Collections.singletonList(authMethod)));
         });
         oauthClientConfiguration.getRevocation().ifPresent(revocation -> {
             revocation.getUrl().ifPresent(configuration::setRevocationEndpoint);
-            revocation.getAuthMethod().ifPresent(authMethod -> configuration.setRevocationEndpointAuthMethodsSupported(Collections.singletonList(authMethod.toString())));
+            revocation.getAuthenticationMethod().ifPresent(authMethod -> configuration.setRevocationEndpointAuthMethodsSupported(Collections.singletonList(authMethod)));
         });
         openIdClientConfiguration.getRegistration()
             .flatMap(EndpointConfiguration::getUrl).ifPresent(configuration::setRegistrationEndpoint);
@@ -145,7 +145,7 @@ private void overrideFromConfig(DefaultOpenIdProviderMetadata configuration,
         });
         openIdClientConfiguration.getToken().ifPresent(token -> {
             token.getUrl().ifPresent(configuration::setTokenEndpoint);
-            token.getAuthMethod().ifPresent(authMethod -> configuration.setTokenEndpointAuthMethodsSupported(Collections.singletonList(authMethod.toString())));
+            token.getAuthenticationMethod().ifPresent(authMethod -> configuration.setTokenEndpointAuthMethodsSupported(Collections.singletonList(authMethod)));
         });
 
         EndSessionEndpointConfiguration endSession = openIdClientConfiguration.getEndSession();

security-oauth2/src/main/java/io/micronaut/security/oauth2/client/OpenIdProviderMetadata.java

@@ -15,10 +15,15 @@
  */
 package io.micronaut.security.oauth2.client;
 
+import io.micronaut.context.exceptions.ConfigurationException;
 import io.micronaut.core.annotation.NonNull;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.core.naming.Named;
 import io.micronaut.security.oauth2.endpoint.AuthenticationMethod;
+import io.micronaut.security.oauth2.endpoint.DefaultSecureEndpoint;
+import io.micronaut.security.oauth2.endpoint.SecureEndpoint;
+
+import java.util.HashSet;
 import java.util.List;
 import java.util.Optional;
 import java.util.stream.Collectors;
@@ -366,7 +371,13 @@ default List<String> getUserinfoEncryptionAlgValuesSupported() {
     @Nullable
     String getEndSessionEndpoint();
 
+    /**
+     *
+     * @deprecated Use {@link OpenIdProviderMetadata#getTokenEndpointAuthMethodsSupported()} instead.
+     * @return the token endpoint authentication methods.
+     */
     @NonNull
+    @Deprecated(forRemoval = true)
     default Optional<List<AuthenticationMethod>> getTokenEndpointAuthMethods() {
         List<String> authMethodsSupported = getTokenEndpointAuthMethodsSupported();
         if (authMethodsSupported == null) {
@@ -377,4 +388,17 @@ default Optional<List<AuthenticationMethod>> getTokenEndpointAuthMethods() {
                 .map(AuthenticationMethod::valueOf)
                 .collect(Collectors.toList()));
     }
+
+    /**
+     *
+     * @since 4.10.1
+     * @return The Token endpoint
+     * @throws ConfigurationException if token endpoint url is not set in configuration
+     */
+    default SecureEndpoint tokenEndpoint() throws ConfigurationException {
+        if (getTokenEndpoint() == null) {
+            throw new ConfigurationException("token endpoint requires a token endpoint url");
+        }
+        return new DefaultSecureEndpoint(getTokenEndpoint(), getTokenEndpointAuthMethodsSupported() == null ? null : new HashSet<>(getTokenEndpointAuthMethodsSupported()));
+    }
 }

security-oauth2/src/main/java/io/micronaut/security/oauth2/client/clientcredentials/DefaultClientCredentialsOpenIdClient.java

@@ -19,13 +19,10 @@
 import io.micronaut.core.util.SupplierUtil;
 import io.micronaut.security.oauth2.client.OpenIdProviderMetadata;
 import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
-import io.micronaut.security.oauth2.endpoint.AuthenticationMethod;
-import io.micronaut.security.oauth2.endpoint.DefaultSecureEndpoint;
 import io.micronaut.security.oauth2.endpoint.SecureEndpoint;
 import io.micronaut.security.oauth2.endpoint.token.request.TokenEndpointClient;
 import io.micronaut.security.oauth2.endpoint.token.request.context.ClientCredentialsTokenRequestContext;
-import java.util.List;
-import java.util.Optional;
+
 import java.util.function.Supplier;
 
 /**
@@ -62,7 +59,6 @@ protected ClientCredentialsTokenRequestContext createTokenRequestContext(String
      * @return The Token endpoint using the information in the open id provider metadata
      */
     protected SecureEndpoint getTokenEndpoint() {
-        Optional<List<AuthenticationMethod>> authMethodsSupported = openIdProviderMetadata.get().getTokenEndpointAuthMethods();
-        return new DefaultSecureEndpoint(openIdProviderMetadata.get().getTokenEndpoint(), authMethodsSupported.orElse(null));
+        return openIdProviderMetadata.get().tokenEndpoint();
     }
 }

security-oauth2/src/main/java/io/micronaut/security/oauth2/configuration/OauthClientConfiguration.java

@@ -20,15 +20,14 @@
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.core.util.Toggleable;
 import io.micronaut.security.oauth2.client.clientcredentials.ClientCredentialsConfiguration;
-import io.micronaut.security.oauth2.configuration.endpoints.EndpointConfiguration;
 import io.micronaut.security.oauth2.configuration.endpoints.OauthAuthorizationEndpointConfiguration;
 import io.micronaut.security.oauth2.configuration.endpoints.SecureEndpointConfiguration;
 import io.micronaut.security.oauth2.endpoint.AuthenticationMethod;
+import io.micronaut.security.oauth2.endpoint.AuthenticationMethods;
 import io.micronaut.security.oauth2.endpoint.DefaultSecureEndpoint;
 import io.micronaut.security.oauth2.endpoint.SecureEndpoint;
 import io.micronaut.security.oauth2.grants.GrantType;
 import java.time.Duration;
-import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
 
@@ -40,8 +39,14 @@
  */
 public interface OauthClientConfiguration extends Toggleable {
 
+    /**
+     * @deprecated Use {@link OauthClientConfiguration#DEFAULT_AUTH_METHOD} instead.
+     */
+    @Deprecated(forRemoval = true)
     AuthenticationMethod DEFAULT_AUTHENTICATION_METHOD = AuthenticationMethod.CLIENT_SECRET_POST;
 
+    String DEFAULT_AUTH_METHOD = AuthenticationMethods.CLIENT_SECRET_POST;
+
     /**
      * The default advanced expiration value for client credentials grant.
      */
@@ -119,10 +124,7 @@ public interface OauthClientConfiguration extends Toggleable {
      * @throws ConfigurationException if token endpoint url is not set in configuration
      */
     default SecureEndpoint getTokenEndpoint() throws ConfigurationException {
-        Optional<SecureEndpointConfiguration> tokenOptional = getToken();
-        return new DefaultSecureEndpoint(tokenOptional.flatMap(EndpointConfiguration::getUrl)
-                .orElseThrow(() -> new ConfigurationException("Oauth client requires the token endpoint URL to be set in configuration")),
-                Collections.singletonList(tokenOptional.flatMap(SecureEndpointConfiguration::getAuthMethod)
-                        .orElse(DEFAULT_AUTHENTICATION_METHOD)));
+        return getToken().map(secureEndpointConfiguration -> new DefaultSecureEndpoint(secureEndpointConfiguration, DEFAULT_AUTH_METHOD))
+                .orElseThrow(() -> new ConfigurationException("Oauth client "  + getName() + " requires the token endpoint configuration to be set in configuration"));
     }
 }

security-oauth2/src/main/java/io/micronaut/security/oauth2/configuration/endpoints/DefaultSecureEndpointConfiguration.java

@@ -17,6 +17,8 @@
 
 import io.micronaut.core.annotation.NonNull;
 import io.micronaut.security.oauth2.endpoint.AuthenticationMethod;
+import io.micronaut.security.oauth2.endpoint.AuthenticationMethods;
+
 import java.util.Optional;
 
 /**
@@ -27,18 +29,42 @@
  */
 public class DefaultSecureEndpointConfiguration extends DefaultEndpointConfiguration implements SecureEndpointConfiguration {
 
+    private String authenticationMethod = AuthenticationMethods.CLIENT_SECRET_BASIC;
+
+    /**
+     * @deprecated Use {@link DefaultSecureEndpointConfiguration#authenticationMethod} instead.
+     */
+    @Deprecated(forRemoval = true)
     private AuthenticationMethod authMethod = AuthenticationMethod.CLIENT_SECRET_BASIC;
 
+    /**
+     * @deprecated Use {@link DefaultSecureEndpointConfiguration#getAuthenticationMethod()} instead.
+     */
+    @Deprecated(forRemoval = true)
     @Override
     public Optional<AuthenticationMethod> getAuthMethod() {
         return Optional.ofNullable(authMethod);
     }
 
     /**
-     *
+     * @deprecated Use {@link DefaultSecureEndpointConfiguration#setAuthenticationMethod(String)} instead.
      * @param authMethod Authentication Method
      */
+    @Deprecated(forRemoval = true)
     public void setAuthMethod(@NonNull AuthenticationMethod authMethod) {
         this.authMethod = authMethod;
     }
+
+    @Override
+    public Optional<String> getAuthenticationMethod() {
+        return Optional.ofNullable(authenticationMethod);
+    }
+
+    /**
+     *
+     * @param authenticationMethod Authentication Method
+     */
+    public void setAuthenticationMethod(String authenticationMethod) {
+        this.authenticationMethod = authenticationMethod;
+    }
 }

security-oauth2/src/main/java/io/micronaut/security/oauth2/configuration/endpoints/SecureEndpointConfiguration.java

@@ -27,8 +27,15 @@
 public interface SecureEndpointConfiguration extends EndpointConfiguration {
 
     /**
-     *
+     * @deprecated Use {@link SecureEndpointConfiguration#getAuthenticationMethod()} instead.
      * @return An optional Authentication Method.
      */
+    @Deprecated(forRemoval = true)
     Optional<AuthenticationMethod> getAuthMethod();
+
+    /**
+     *
+     * @return An optional Authentication Method.
+     */
+    Optional<String> getAuthenticationMethod();
 }

security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/AuthenticationMethod.java

@@ -22,15 +22,17 @@
  * @see <a href="https://datatracker.ietf.org/doc/html/draft-campbell-oauth-mtls">Mutual TLS Profiles for OAuth Clients</a>
  * @author Sergio del Amo
  * @since 1.2.0
+ * @deprecated Use {@link io.micronaut.security.oauth2.endpoint.AuthenticationMethods} constants instead.
  */
+@Deprecated(forRemoval = true)
 public enum AuthenticationMethod {
 
-    CLIENT_SECRET_POST("client_secret_post"),
-    CLIENT_SECRET_BASIC("client_secret_basic"),
-    CLIENT_SECRET_JWT("client_secret_jwt"),
-    PRIVATE_KEY_JWT("private_key_jwt"),
-    TLS_CLIENT_AUTH("tls_client_auth"),
-    NONE("none");
+    CLIENT_SECRET_POST(AuthenticationMethods.CLIENT_SECRET_POST),
+    CLIENT_SECRET_BASIC(AuthenticationMethods.CLIENT_SECRET_BASIC),
+    CLIENT_SECRET_JWT(AuthenticationMethods.CLIENT_SECRET_JWT),
+    PRIVATE_KEY_JWT(AuthenticationMethods.PRIVATE_KEY_JWT),
+    TLS_CLIENT_AUTH(AuthenticationMethods.TLS_CLIENT_AUTH),
+    NONE(AuthenticationMethods.NONE);
 
     private String authMethod;
 

security-oauth2/src/main/java/io/micronaut/security/oauth2/endpoint/AuthenticationMethods.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2017-2024 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.security.oauth2.endpoint;
+
+/**
+ * Client Authentication methods constants that are used by Clients to authenticate to the Authorization Server when using the Token Endpoint.
+ *
+ * @see <a href="https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication">Client Authentication</a>
+ * @see <a href="https://datatracker.ietf.org/doc/html/draft-campbell-oauth-mtls">Mutual TLS Profiles for OAuth Clients</a>
+ * @author Sergio del Amo
+ * @since 4.10.1
+ */
+public final class AuthenticationMethods {
+    public static final String CLIENT_SECRET_POST = "client_secret_post";
+    public static final String CLIENT_SECRET_BASIC = "client_secret_basic";
+    public static final String CLIENT_SECRET_JWT = "client_secret_jwt";
+    public static final String PRIVATE_KEY_JWT = "private_key_jwt";
+    public static final String TLS_CLIENT_AUTH = "tls_client_auth";
+    public static final String NONE = "none";
+
+    private AuthenticationMethods() {
+    }
+}