Revert OAuth2 Client Registration Grant Type Hierarchy

Closes gh-14554

Revert OAuth2 Client Registration Grant Type Hierarchy
Closes gh-14554
daa3d457 · Madhura Bhave · 546bd89f · daa3d457 · daa3d457 · 546bd89f
Commit daa3d457 authored Oct 04, 2018 by Madhura Bhave
15 changed files
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientsConfiguredCondition.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ClientsConfiguredCondition.java
@@ -16,7 +16,6 @@
 package org.springframework.boot.autoconfigure.security.oauth2.client;
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.Map;
 import java.util.stream.Collectors;
@@ -36,46 +35,32 @@ import org.springframework.core.type.AnnotatedTypeMetadata;
 * @author Madhura Bhave
 * @since 2.1.0
 */
-public class ClientsConfiguredCondition extends SpringBootCondition {
-	private static final Bindable<Map<String, OAuth2ClientProperties.LoginClientRegistration>> STRING_LOGIN_REGISTRATION_MAP = Bindable
+public class ClientsConfiguredCondition extends SpringBootCondition {
-			.mapOf(String.class, OAuth2ClientProperties.LoginClientRegistration.class);
-	private static final Bindable<Map<String, OAuth2ClientProperties.AuthorizationCodeClientRegistration>> STRING_AUTHORIZATION_CODE_REGISTRATION_MAP = Bindable
+	private static final Bindable<Map<String, OAuth2ClientProperties.Registration>> STRING_REGISTRATION_MAP = Bindable
-			.mapOf(String.class,
+			.mapOf(String.class, OAuth2ClientProperties.Registration.class);
-					OAuth2ClientProperties.AuthorizationCodeClientRegistration.class);
 	@Override
 	public ConditionOutcome getMatchOutcome(ConditionContext context,
 			AnnotatedTypeMetadata metadata) {
 		ConditionMessage.Builder message = ConditionMessage
 				.forCondition("OAuth2 Clients Configured Condition");
-		Map<String, OAuth2ClientProperties.BaseClientRegistration> registrations = getRegistrations(
+		Map<String, OAuth2ClientProperties.Registration> registrations = getRegistrations(
 				context.getEnvironment());
 		if (!registrations.isEmpty()) {
-			return ConditionOutcome.match(message.foundExactly(
+			return ConditionOutcome.match(message
-					"registered clients " + registrations.values().stream().map(
+					.foundExactly("registered clients " + registrations.values().stream()
-							OAuth2ClientProperties.BaseClientRegistration::getClientId)
+							.map(OAuth2ClientProperties.Registration::getClientId)
 							.collect(Collectors.joining(", "))));
 		}
 		return ConditionOutcome.noMatch(message.notAvailable("registered clients"));
 	}
-	private Map<String, OAuth2ClientProperties.BaseClientRegistration> getRegistrations(
+	private Map<String, OAuth2ClientProperties.Registration> getRegistrations(
 			Environment environment) {
-		Map<String, OAuth2ClientProperties.BaseClientRegistration> registrations = new HashMap<>();
+		return Binder.get(environment).bind("spring.security.oauth2.client.registration",
-		Map<String, OAuth2ClientProperties.LoginClientRegistration> loginClientRegistrations = Binder
+				STRING_REGISTRATION_MAP).orElse(Collections.emptyMap());
-				.get(environment).bind("spring.security.oauth2.client.registration.login",
-						STRING_LOGIN_REGISTRATION_MAP)
-				.orElse(Collections.emptyMap());
-		Map<String, OAuth2ClientProperties.AuthorizationCodeClientRegistration> authCodeClientRegistrations = Binder
-				.get(environment)
-				.bind("spring.security.oauth2.client.registration.authorizationcode",
-						STRING_AUTHORIZATION_CODE_REGISTRATION_MAP)
-				.orElse(Collections.emptyMap());
-		registrations.putAll(loginClientRegistrations);
-		registrations.putAll(authCodeClientRegistrations);
-		return registrations;
 	}
 }
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientProperties.java
@@ -44,115 +44,31 @@ public class OAuth2ClientProperties {
 	/**
 	 * OAuth client registrations.
 	 */
-	private final Registration registration = new Registration();
+	private final Map<String, Registration> registration = new HashMap<>();
 	public Map<String, Provider> getProvider() {
 		return this.provider;
 	}
-	public Registration getRegistration() {
+	public Map<String, Registration> getRegistration() {
 		return this.registration;
 	}
 	@PostConstruct
 	public void validate() {
-		this.getRegistration().getLogin().values().forEach(this::validateRegistration);
+		this.getRegistration().values().forEach(this::validateRegistration);
-		this.getRegistration().getAuthorizationCode().values()
-				.forEach(this::validateRegistration);
 	}
-	private void validateRegistration(BaseClientRegistration registration) {
+	private void validateRegistration(Registration registration) {
 		if (!StringUtils.hasText(registration.getClientId())) {
 			throw new IllegalStateException("Client id must not be empty.");
 		}
 	}
-	public static class Registration {
-		/**
-		 * OpenID Connect client registrations.
-		 */
-		private Map<String, LoginClientRegistration> login = new HashMap<>();
-		/**
-		 * OAuth2 authorization_code client registrations.
-		 */
-		private Map<String, AuthorizationCodeClientRegistration> authorizationCode = new HashMap<>();
-		public Map<String, LoginClientRegistration> getLogin() {
-			return this.login;
-		}
-		public void setLogin(Map<String, LoginClientRegistration> login) {
-			this.login = login;
-		}
-		public Map<String, AuthorizationCodeClientRegistration> getAuthorizationCode() {
-			return this.authorizationCode;
-		}
-		public void setAuthorizationCode(
-				Map<String, AuthorizationCodeClientRegistration> authorizationCode) {
-			this.authorizationCode = authorizationCode;
-		}
-	}
 	/**
-	 * A single client registration for OpenID Connect login.
+	 * A single client registration.
 	 */
-	public static class LoginClientRegistration extends BaseClientRegistration {
+	public static class Registration {
-		/**
-		 * Redirect URI. May be left blank when using a pre-defined provider.
-		 */
-		private String redirectUri;
-		public String getRedirectUri() {
-			return this.redirectUri;
-		}
-		public void setRedirectUri(String redirectUri) {
-			this.redirectUri = redirectUri;
-		}
-		@Deprecated
-		public String getRedirectUriTemplate() {
-			return getRedirectUri();
-		}
-		@Deprecated
-		public void setRedirectUriTemplate(String redirectUri) {
-			setRedirectUri(redirectUri);
-		}
-	}
-	/**
-	 * A single client registration for OAuth2 authorization_code flow.
-	 */
-	public static class AuthorizationCodeClientRegistration
-			extends BaseClientRegistration {
-		/**
-		 * Redirect URI for the registration.
-		 */
-		private String redirectUri;
-		public String getRedirectUri() {
-			return this.redirectUri;
-		}
-		public void setRedirectUri(String redirectUri) {
-			this.redirectUri = redirectUri;
-		}
-	}
-	/**
-	 * Base class for a single client registration.
-	 */
-	public static class BaseClientRegistration {
 		/**
 		 * Reference to the OAuth 2.0 provider to use. May reference an element from the
@@ -182,6 +98,11 @@ public class OAuth2ClientProperties {
 		 */
 		private String authorizationGrantType;
+		/**
+		 * Redirect URI. May be left blank when using a pre-defined provider.
+		 */
+		private String redirectUri;
 		/**
 		 * Authorization scopes. May be left blank when using a pre-defined provider.
 		 */
@@ -232,6 +153,24 @@ public class OAuth2ClientProperties {
 			this.authorizationGrantType = authorizationGrantType;
 		}
+		public String getRedirectUri() {
+			return this.redirectUri;
+		}
+		public void setRedirectUri(String redirectUri) {
+			this.redirectUri = redirectUri;
+		}
+		@Deprecated
+		public String getRedirectUriTemplate() {
+			return getRedirectUri();
+		}
+		@Deprecated
+		public void setRedirectUriTemplate(String redirectUri) {
+			setRedirectUri(redirectUri);
+		}
 		public Set<String> getScope() {
 			return this.scope;
 		}

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesEnvironmentPostProcessor.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesEnvironmentPostProcessor.java
-/*
- * Copyright 2012-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.boot.autoconfigure.security.oauth2.client;
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.function.Supplier;
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.context.config.ConfigFileApplicationListener;
-import org.springframework.boot.context.properties.bind.Bindable;
-import org.springframework.boot.context.properties.bind.Binder;
-import org.springframework.boot.context.properties.source.ConfigurationPropertyName;
-import org.springframework.boot.context.properties.source.ConfigurationPropertySource;
-import org.springframework.boot.context.properties.source.ConfigurationPropertySources;
-import org.springframework.boot.env.EnvironmentPostProcessor;
-import org.springframework.core.Ordered;
-import org.springframework.core.env.ConfigurableEnvironment;
-import org.springframework.core.env.MapPropertySource;
-/**
- * {@link EnvironmentPostProcessor} that migrates legacy OAuth2 login client properties
- * under the `spring.security.oauth2.client.login` prefix.
- *
- * @author Madhura Bhave
- * @since 2.1.0
- */
-public class OAuth2ClientPropertiesEnvironmentPostProcessor
-		implements EnvironmentPostProcessor, Ordered {
-	private static final Bindable<Map<String, OAuth2ClientProperties.LoginClientRegistration>> STRING_LEGACY_REGISTRATION_MAP = Bindable
-			.mapOf(String.class, OAuth2ClientProperties.LoginClientRegistration.class);
-	private static final String PREFIX = "spring.security.oauth2.client.registration";
-	private static final String LOGIN_REGISTRATION_PREFIX = PREFIX + ".login.";
-	private static final String UPDATED_PROPERTY_SOURCE_SUFFIX = "-updated-oauth-client";
-	private int order = ConfigFileApplicationListener.DEFAULT_ORDER + 1;
-	@Override
-	public void postProcessEnvironment(ConfigurableEnvironment environment,
-			SpringApplication application) {
-		environment.getPropertySources().forEach((propertySource) -> {
-			String name = propertySource.getName();
-			Iterable<ConfigurationPropertySource> sources = ConfigurationPropertySources
-					.from(propertySource);
-			ConfigurationPropertySource source = sources.iterator().next();
-			Binder binder = new Binder(sources);
-			Map<String, Object> map = new LinkedHashMap<>();
-			MapPropertySource updatedPropertySource = new MapPropertySource(
-					name + UPDATED_PROPERTY_SOURCE_SUFFIX, map);
-			Map<String, OAuth2ClientProperties.LoginClientRegistration> registrations = binder
-					.bind(PREFIX, STRING_LEGACY_REGISTRATION_MAP)
-					.orElse(Collections.emptyMap());
-			registrations.entrySet()
-					.forEach((entry) -> addProperties(entry, source, map));
-			if (!map.isEmpty()) {
-				environment.getPropertySources().addBefore(name, updatedPropertySource);
-			}
-		});
-	}
-	private void addProperties(
-			Map.Entry<String, OAuth2ClientProperties.LoginClientRegistration> entry,
-			ConfigurationPropertySource source, Map<String, Object> map) {
-		OAuth2ClientProperties.LoginClientRegistration registration = entry.getValue();
-		String registrationId = entry.getKey();
-		addProperty(registrationId, "client-id", registration::getClientId, map, source);
-		addProperty(registrationId, "client-secret", registration::getClientSecret, map,
-				source);
-		addProperty(registrationId, "client-name", registration::getClientName, map,
-				source);
-		addProperty(registrationId, "redirect-uri-template", registration::getRedirectUri,
-				map, source);
-		addProperty(registrationId, "authorization-grant-type",
-				registration::getAuthorizationGrantType, map, source);
-		addProperty(registrationId, "client-authentication-method",
-				registration::getClientAuthenticationMethod, map, source);
-		addProperty(registrationId, "provider", registration::getProvider, map, source);
-		addProperty(registrationId, "scope", registration::getScope, map, source);
-	}
-	private void addProperty(String registrationId, String property,
-			Supplier<Object> valueSupplier, Map<String, Object> map,
-			ConfigurationPropertySource source) {
-		String registrationKey = PREFIX + "." + registrationId + ".";
-		String loginRegistrationKey = LOGIN_REGISTRATION_PREFIX + registrationId + ".";
-		if (source.getConfigurationProperty(
-				ConfigurationPropertyName.of(registrationKey + property)) != null) {
-			map.put(loginRegistrationKey + property, valueSupplier.get());
-		}
-	}
-	@Override
-	public int getOrder() {
-		return this.order;
-	}
-}
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
@@ -50,35 +50,20 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
 	public static Map<String, ClientRegistration> getClientRegistrations(
 			OAuth2ClientProperties properties) {
 		Map<String, ClientRegistration> clientRegistrations = new HashMap<>();
-		properties.getRegistration().getLogin()
+		properties.getRegistration().forEach((key, value) -> clientRegistrations.put(key,
-				.forEach((key, value) -> clientRegistrations.put(key,
+				getClientRegistration(key, value, properties.getProvider())));
-						getLoginClientRegistration(key, value,
-								properties.getProvider())));
-		properties.getRegistration().getAuthorizationCode()
-				.forEach((key, value) -> clientRegistrations.put(key,
-						getAuthorizationCodeClientRegistration(key, value,
-								properties.getProvider())));
 		return clientRegistrations;
 	}
-	private static ClientRegistration getAuthorizationCodeClientRegistration(
+	private static ClientRegistration getClientRegistration(String registrationId,
-			String registrationId,
+			OAuth2ClientProperties.Registration properties,
-			OAuth2ClientProperties.AuthorizationCodeClientRegistration properties,
-			Map<String, Provider> providers) {
-		PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
-		Builder builder = getBuilder(map, registrationId, properties, providers);
-		map.from(properties::getRedirectUri).to(builder::redirectUriTemplate);
-		return builder.build();
-	}
-	private static Builder getBuilder(PropertyMapper map, String registrationId,
-			OAuth2ClientProperties.BaseClientRegistration properties,
 			Map<String, Provider> providers) {
 		Builder builder = getBuilderFromIssuerIfPossible(registrationId,
 				properties.getProvider(), providers);
 		if (builder == null) {
 			builder = getBuilder(registrationId, properties.getProvider(), providers);
 		}
+		PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
 		map.from(properties::getClientId).to(builder::clientId);
 		map.from(properties::getClientSecret).to(builder::clientSecret);
 		map.from(properties::getClientAuthenticationMethod)
@@ -86,18 +71,10 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
 				.to(builder::clientAuthenticationMethod);
 		map.from(properties::getAuthorizationGrantType).as(AuthorizationGrantType::new)
 				.to(builder::authorizationGrantType);
+		map.from(properties::getRedirectUri).to(builder::redirectUriTemplate);
 		map.from(properties::getScope).as((scope) -> StringUtils.toStringArray(scope))
 				.to(builder::scope);
 		map.from(properties::getClientName).to(builder::clientName);
-		return builder;
-	}
-	private static ClientRegistration getLoginClientRegistration(String registrationId,
-			OAuth2ClientProperties.LoginClientRegistration properties,
-			Map<String, Provider> providers) {
-		PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
-		Builder builder = getBuilder(map, registrationId, properties, providers);
-		map.from(properties::getRedirectUri).to(builder::redirectUriTemplate);
 		return builder.build();
 	}

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -711,15 +711,6 @@
      "name": "spring.session.hazelcast.flush-mode",
      "defaultValue": "on-save"
    },
-    {
-      "name" : "spring.security.oauth2.client.registration",
-      "type" : "java.util.Map<java.lang.String,org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.LoginClientRegistration>",
-      "description" : "Maps client registration-id to a client registration.",
-      "deprecation" : {
-        "replacement" : "spring.security.oauth2.client.registration.login",
-        "level" : "warning"
-      }
-    },
    {
      "name": "spring.session.servlet.filter-dispatcher-types",
      "defaultValue": [

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories
@@ -7,10 +7,6 @@ org.springframework.boot.autoconfigure.logging.ConditionEvaluationReportLoggingL
 org.springframework.context.ApplicationListener=\
 org.springframework.boot.autoconfigure.BackgroundPreinitializer
-# Environment Post Processors
-org.springframework.boot.env.EnvironmentPostProcessor=\
-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesEnvironmentPostProcessor
 # Auto Configuration Import Listeners
 org.springframework.boot.autoconfigure.AutoConfigurationImportListener=\
 org.springframework.boot.autoconfigure.condition.ConditionEvaluationReportAutoConfigurationImportListener

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesEnvironmentPostProcessorTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesEnvironmentPostProcessorTests.java
-/*
- * Copyright 2012-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.boot.autoconfigure.security.oauth2.client;
-import java.util.HashMap;
-import java.util.Map;
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.core.env.MapPropertySource;
-import org.springframework.core.env.MutablePropertySources;
-import org.springframework.core.env.StandardEnvironment;
-import org.springframework.core.env.SystemEnvironmentPropertySource;
-import org.springframework.mock.env.MockEnvironment;
-import static org.assertj.core.api.Assertions.assertThat;
-/**
- * Tests for {@link OAuth2ClientPropertiesEnvironmentPostProcessor}.
- *
- * @author Madhura Bhave
- */
-public class OAuth2ClientPropertiesEnvironmentPostProcessorTests {
-	private OAuth2ClientPropertiesEnvironmentPostProcessor postProcessor = new OAuth2ClientPropertiesEnvironmentPostProcessor();
-	private MockEnvironment environment;
-	private static final String REGISTRATION_PREFIX = "spring.security.oauth2.client.registration.github-client.";
-	private static final String ENVIRONMENT_REGISTRATION_PREFIX = "SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GITHUB-CLIENT_";
-	private static final String LOGIN_REGISTRATION_PREFIX = "spring.security.oauth2.client.registration.login.github-client.";
-	@Before
-	public void setup() {
-		this.environment = new MockEnvironment();
-	}
-	@Test
-	public void postProcessorWhenLegacyPropertiesShouldConvert() {
-		Map<String, Object> properties = new HashMap<>();
-		properties.put(REGISTRATION_PREFIX + "client-id", "my-client-id");
-		properties.put(REGISTRATION_PREFIX + "client-secret", "my-client-secret");
-		properties.put(REGISTRATION_PREFIX + "redirect-uri-template",
-				"http://my-redirect-uri.com");
-		properties.put(REGISTRATION_PREFIX + "provider", "github");
-		properties.put(REGISTRATION_PREFIX + "scope", "user");
-		properties.put(REGISTRATION_PREFIX + "client-name", "my-client-name");
-		properties.put(REGISTRATION_PREFIX + "authorization-grant-type",
-				"authorization_code");
-		properties.put(REGISTRATION_PREFIX + "client-authentication-method", "FORM");
-		MapPropertySource source = new MapPropertySource("test", properties);
-		this.environment.getPropertySources().addFirst(source);
-		this.postProcessor.postProcessEnvironment(this.environment, null);
-		assertPropertyMigration();
-	}
-	@Test
-	public void postProcessorDoesNotCopyMissingProperties() {
-		Map<String, Object> properties = new HashMap<>();
-		properties.put(REGISTRATION_PREFIX + "client-id", "my-client-id");
-		MapPropertySource source = new MapPropertySource("test", properties);
-		this.environment.getPropertySources().addFirst(source);
-		this.postProcessor.postProcessEnvironment(this.environment, null);
-		assertThat(this.environment.getProperty(LOGIN_REGISTRATION_PREFIX + "client-id"))
-				.isEqualTo("my-client-id");
-		assertThat(
-				this.environment.getProperty(LOGIN_REGISTRATION_PREFIX + "client-secret"))
-						.isNull();
-	}
-	@Test
-	public void postProcessorWhenLegacyEnvironmentVariablesPropertiesShouldConvert() {
-		Map<String, Object> properties = new HashMap<>();
-		properties.put(ENVIRONMENT_REGISTRATION_PREFIX + "CLIENTID", "my-client-id");
-		properties.put(ENVIRONMENT_REGISTRATION_PREFIX + "CLIENTSECRET",
-				"my-client-secret");
-		properties.put(ENVIRONMENT_REGISTRATION_PREFIX + "REDIRECTURITEMPLATE",
-				"http://my-redirect-uri.com");
-		properties.put(ENVIRONMENT_REGISTRATION_PREFIX + "PROVIDER", "github");
-		properties.put(ENVIRONMENT_REGISTRATION_PREFIX + "SCOPE", "user");
-		properties.put(ENVIRONMENT_REGISTRATION_PREFIX + "CLIENTNAME", "my-client-name");
-		properties.put(ENVIRONMENT_REGISTRATION_PREFIX + "AUTHORIZATIONGRANTTYPE",
-				"authorization_code");
-		properties.put(ENVIRONMENT_REGISTRATION_PREFIX + "CLIENTAUTHENTICATIONMETHOD",
-				"FORM");
-		SystemEnvironmentPropertySource source = new SystemEnvironmentPropertySource(
-				"test-" + StandardEnvironment.SYSTEM_ENVIRONMENT_PROPERTY_SOURCE_NAME,
-				properties);
-		this.environment.getPropertySources().addFirst(source);
-		this.postProcessor.postProcessEnvironment(this.environment, null);
-		assertPropertyMigration();
-	}
-	@Test
-	public void postProcessorWhenNewPropertiesShouldDoNothing() {
-		Map<String, Object> properties = new HashMap<>();
-		properties.put(LOGIN_REGISTRATION_PREFIX + "client-id", "my-client-id");
-		properties.put(LOGIN_REGISTRATION_PREFIX + "client-secret", "my-client-secret");
-		properties.put(LOGIN_REGISTRATION_PREFIX + "redirect-uri-template",
-				"http://my-redirect-uri.com");
-		properties.put(LOGIN_REGISTRATION_PREFIX + "provider", "github");
-		properties.put(LOGIN_REGISTRATION_PREFIX + "scope", "user");
-		properties.put(LOGIN_REGISTRATION_PREFIX + "client-name", "my-client-name");
-		properties.put(LOGIN_REGISTRATION_PREFIX + "authorization-grant-type",
-				"authorization_code");
-		properties.put(LOGIN_REGISTRATION_PREFIX + "client-authentication-method",
-				"FORM");
-		MapPropertySource source = new MapPropertySource("test", properties);
-		this.environment.getPropertySources().addFirst(source);
-		MutablePropertySources propertySources = new MutablePropertySources(
-				this.environment.getPropertySources());
-		this.postProcessor.postProcessEnvironment(this.environment, null);
-		assertPropertyMigration();
-		assertThat(this.environment.getPropertySources())
-				.containsExactlyElementsOf(propertySources);
-	}
-	private void assertPropertyMigration() {
-		assertThat(this.environment.getProperty(LOGIN_REGISTRATION_PREFIX + "client-id"))
-				.isEqualTo("my-client-id");
-		assertThat(
-				this.environment.getProperty(LOGIN_REGISTRATION_PREFIX + "client-secret"))
-						.isEqualTo("my-client-secret");
-		assertThat(this.environment
-				.getProperty(LOGIN_REGISTRATION_PREFIX + "redirect-uri-template"))
-						.isEqualTo("http://my-redirect-uri.com");
-		assertThat(this.environment.getProperty(LOGIN_REGISTRATION_PREFIX + "provider"))
-				.isEqualTo("github");
-		assertThat(this.environment.getProperty(LOGIN_REGISTRATION_PREFIX + "scope"))
-				.isEqualTo("user");
-		assertThat(
-				this.environment.getProperty(LOGIN_REGISTRATION_PREFIX + "client-name"))
-						.isEqualTo("my-client-name");
-		assertThat(this.environment
-				.getProperty(LOGIN_REGISTRATION_PREFIX + "authorization-grant-type"))
-						.isEqualTo("authorization_code");
-		assertThat(this.environment
-				.getProperty(LOGIN_REGISTRATION_PREFIX + "client-authentication-method"))
-						.isEqualTo("FORM");
-	}
-}
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesTests.java
@@ -18,9 +18,6 @@ package org.springframework.boot.autoconfigure.security.oauth2.client;
 import org.junit.Test;
-import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.AuthorizationCodeClientRegistration;
-import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties.LoginClientRegistration;
 import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 /**
@@ -34,40 +31,21 @@ public class OAuth2ClientPropertiesTests {
 	private OAuth2ClientProperties properties = new OAuth2ClientProperties();
 	@Test
-	public void clientIdAbsentForLoginClientsThrowsException() {
+	public void clientIdAbsentThrowsException() {
-		LoginClientRegistration registration = new LoginClientRegistration();
+		OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration();
 		registration.setClientSecret("secret");
 		registration.setProvider("google");
-		this.properties.getRegistration().getLogin().put("foo", registration);
+		this.properties.getRegistration().put("foo", registration);
 		assertThatIllegalStateException().isThrownBy(this.properties::validate)
 				.withMessageContaining("Client id must not be empty.");
 	}
 	@Test
 	public void clientSecretAbsentShouldNotThrowException() {
-		LoginClientRegistration registration = new LoginClientRegistration();
+		OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration();
-		registration.setClientId("foo");
-		registration.setProvider("google");
-		this.properties.getRegistration().getLogin().put("foo", registration);
-		this.properties.validate();
-	}
-	@Test
-	public void clientIdAbsentForAuthorizationCodeClientsThrowsException() {
-		AuthorizationCodeClientRegistration registration = new AuthorizationCodeClientRegistration();
-		registration.setClientSecret("secret");
-		registration.setProvider("google");
-		this.properties.getRegistration().getAuthorizationCode().put("foo", registration);
-		assertThatIllegalStateException().isThrownBy(this.properties::validate)
-				.withMessageContaining("Client id must not be empty.");
-	}
-	@Test
-	public void clientSecretAbsentForAuthorizationCodeClientDoesNotThrowException() {
-		AuthorizationCodeClientRegistration registration = new AuthorizationCodeClientRegistration();
 		registration.setClientId("foo");
 		registration.setProvider("google");
-		this.properties.getRegistration().getAuthorizationCode().put("foo", registration);
+		this.properties.getRegistration().put("foo", registration);
 		this.properties.validate();
 	}

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/reactive/ReactiveOAuth2ClientAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/reactive/ReactiveOAuth2ClientAutoConfigurationTests.java
@@ -52,7 +52,7 @@ public class ReactiveOAuth2ClientAutoConfigurationTests {
 			.withConfiguration(
 					AutoConfigurations.of(ReactiveOAuth2ClientAutoConfiguration.class));
-	private static final String REGISTRATION_PREFIX = "spring.security.oauth2.client.registration.login";
+	private static final String REGISTRATION_PREFIX = "spring.security.oauth2.client.registration";
 	@Test
 	public void autoConfigurationShouldBackOffForServletEnvironments() {

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfigurationTests.java
@@ -33,7 +33,7 @@ public class OAuth2ClientRegistrationRepositoryConfigurationTests {
 	private final ApplicationContextRunner contextRunner = new ApplicationContextRunner();
-	private static final String REGISTRATION_PREFIX = "spring.security.oauth2.client.registration.login";
+	private static final String REGISTRATION_PREFIX = "spring.security.oauth2.client.registration";
 	@Test
 	public void clientRegistrationRepositoryBeanShouldNotBeCreatedWhenPropertiesAbsent() {

--- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc
+++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc
@@ -3264,13 +3264,31 @@ Spring.
 ==== Client
 If you have `spring-security-oauth2-client` on your classpath, you can take advantage of
 some auto-configuration to make it easy to set up an OAuth2/Open ID Connect clients. This configuration
-makes use of the properties under `OAuth2ClientProperties`.
+makes use of the properties under `OAuth2ClientProperties`. The same properties are applicable to both servlet and reactive applications.
-You can register multiple OAuth2/OpenID Connect providers under the `spring.security.oauth2.client.provider`
+You can register multiple OAuth2 clients and providers under the
-prefix, as shown in the following example:
+`spring.security.oauth2.client` prefix, as shown in the following example:
 [source,properties,indent=0]
 ----
+	spring.security.oauth2.client.registration.my-client-1.client-id=abcd
+	spring.security.oauth2.client.registration.my-client-1.client-secret=password
+	spring.security.oauth2.client.registration.my-client-1.client-name=Client for user scope
+	spring.security.oauth2.client.registration.my-client-1.provider=my-oauth-provider
+	spring.security.oauth2.client.registration.my-client-1.scope=user
+	spring.security.oauth2.client.registration.my-client-1.redirect-uri-template=http://my-redirect-uri.com
+	spring.security.oauth2.client.registration.my-client-1.client-authentication-method=basic
+	spring.security.oauth2.client.registration.my-client-1.authorization-grant-type=authorization_code
+	spring.security.oauth2.client.registration.my-client-2.client-id=abcd
+	spring.security.oauth2.client.registration.my-client-2.client-secret=password
+	spring.security.oauth2.client.registration.my-client-2.client-name=Client for email scope
+	spring.security.oauth2.client.registration.my-client-2.provider=my-oauth-provider
+	spring.security.oauth2.client.registration.my-client-2.scope=email
+	spring.security.oauth2.client.registration.my-client-2.redirect-uri-template=http://my-redirect-uri.com
+	spring.security.oauth2.client.registration.my-client-2.client-authentication-method=basic
+	spring.security.oauth2.client.registration.my-client-2.authorization-grant-type=authorization_code
 	spring.security.oauth2.client.provider.my-oauth-provider.authorization-uri=http://my-auth-server/oauth/authorize
 	spring.security.oauth2.client.provider.my-oauth-provider.token-uri=http://my-auth-server/oauth/token
 	spring.security.oauth2.client.provider.my-oauth-provider.user-info-uri=http://my-auth-server/userinfo
@@ -3294,33 +3312,6 @@ Provider can be configured with the `issuer-uri`:
-[[boot-features-security-oauth2-login-client-registration]]
-===== OpenID Connect Login client registration
-You can register multiple Open ID Connect clients under the
-`spring.security.oauth2.client.registration.login` prefix, as shown in the following example:
-[source,properties,indent=0]
----
-	spring.security.oauth2.client.registration.login.my-client-1.client-id=abcd
-	spring.security.oauth2.client.registration.login.my-client-1.client-secret=password
-	spring.security.oauth2.client.registration.login.my-client-1.client-name=Client for user scope
-	spring.security.oauth2.client.registration.login.my-client-1.provider=my-oauth-provider
-	spring.security.oauth2.client.registration.login.my-client-1.scope=user
-	spring.security.oauth2.client.registration.login.my-client-1.redirect-uri=http://localhost:8080/login/oauth2/code/my-client-1
-	spring.security.oauth2.client.registration.login.my-client-1.client-authentication-method=basic
-	spring.security.oauth2.client.registration.login.my-client-1.authorization-grant-type=authorization_code
-	spring.security.oauth2.client.registration.login.my-client-2.client-id=abcd
-	spring.security.oauth2.client.registration.login.my-client-2.client-secret=password
-	spring.security.oauth2.client.registration.login.my-client-2.client-name=Client for email scope
-	spring.security.oauth2.client.registration.login.my-client-2.provider=my-oauth-provider
-	spring.security.oauth2.client.registration.login.my-client-2.scope=email
-	spring.security.oauth2.client.registration.login.my-client-2.redirect-uri=http://localhost:8080/login/oauth2/code/my-client-2
-	spring.security.oauth2.client.registration.login.my-client-2.client-authentication-method=basic
-	spring.security.oauth2.client.registration.login.my-client-2.authorization-grant-type=authorization_code
----
 By default, Spring Security's `OAuth2LoginAuthenticationFilter` only processes URLs
 matching `/login/oauth2/code/*`. If you want to customize the `redirect-uri` to
 use a different pattern, you need to provide configuration to process that custom pattern.
@@ -3344,36 +3335,6 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 }
 ----
-The same properties are applicable to both servlet and reactive applications.
-[[boot-features-security-oauth2-authorization-code-client-registration]]
-===== OAuth2 Authorization Code client registration
-You can register multiple OAuth2 `authorization_code` clients under the
-`spring.security.oauth2.client.registration.authorization-code` prefix, as shown in the following example:
-[source,properties,indent=0]
----
-	spring.security.oauth2.client.registration.authorization-code.my-client-1.client-id=abcd
-	spring.security.oauth2.client.registration.authorization-code.my-client-1.client-secret=password
-	spring.security.oauth2.client.registration.authorization-code.my-client-1.client-name=Client for user scope
-	spring.security.oauth2.client.registration.authorization-code.my-client-1.provider=my-oauth-provider
-	spring.security.oauth2.client.registration.authorization-code.my-client-1.scope=user
-	spring.security.oauth2.client.registration.authorization-code.my-client-1.redirect-uri=http://my-redirect-uri.com
-	spring.security.oauth2.client.registration.authorization-code.my-client-1.client-authentication-method=basic
-	spring.security.oauth2.client.registration.authorization-code.my-client-1.authorization-grant-type=authorization_code
-	spring.security.oauth2.client.registration.authorization-code.my-client-2.client-id=abcd
-	spring.security.oauth2.client.registration.authorization-code.my-client-2.client-secret=password
-	spring.security.oauth2.client.registration.authorization-code.my-client-2.client-name=Client for email scope
-	spring.security.oauth2.client.registration.authorization-code.my-client-2.provider=my-oauth-provider
-	spring.security.oauth2.client.registration.authorization-code.my-client-2.scope=email
-	spring.security.oauth2.client.registration.authorization-code.my-client-2.redirect-uri=http://my-redirect-uri.com
-	spring.security.oauth2.client.registration.authorization-code.my-client-2.client-authentication-method=basic
-	spring.security.oauth2.client.registration.authorization-code.my-client-2.authorization-grant-type=authorization_code
----
 [[boot-features-security-oauth2-common-providers]]
@@ -3383,19 +3344,19 @@ we provide a set of provider defaults (`google`, `github`, `facebook`, and `okta
 respectively).
 If you do not need to customize these providers, you can set the `provider` attribute to
-the one for which you need to infer defaults. Also, if the ID of your client matches the
+the one for which you need to infer defaults. Also, if the key for the client registration matches a
 default supported provider, Spring Boot infers that as well.
 In other words, the two configurations in the following example use the Google provider:
 [source,properties,indent=0]
 ----
-	spring.security.oauth2.client.registration.login.my-client.client-id=abcd
+	spring.security.oauth2.client.registration.my-client.client-id=abcd
-	spring.security.oauth2.client.registration.login.my-client.client-secret=password
+	spring.security.oauth2.client.registration.my-client.client-secret=password
-	spring.security.oauth2.client.registration.login.my-client.provider=google
+	spring.security.oauth2.client.registration.my-client.provider=google
-	spring.security.oauth2.client.registration.login.google.client-id=abcd
+	spring.security.oauth2.client.registration.google.client-id=abcd
-	spring.security.oauth2.client.registration.login.google.client-secret=password
+	spring.security.oauth2.client.registration.google.client-secret=password
 ----

--- a/spring-boot-samples/spring-boot-sample-oauth2-client/src/main/resources/application.yml
+++ b/spring-boot-samples/spring-boot-sample-oauth2-client/src/main/resources/application.yml
@@ -3,32 +3,30 @@ spring:
    oauth2:
      client:
        registration:
-          login:
+          github-client-1:
-            github-client-1:
+            client-id: ${APP-CLIENT-ID}
-              client-id: ${APP-CLIENT-ID}
+            client-secret: ${APP-CLIENT-SECRET}
-              client-secret: ${APP-CLIENT-SECRET}
+            client-name: Github user
-              client-name: Github user
+            provider: github
-              provider: github
+            scope: user
-              scope: user
+            redirect-uri: http://localhost:8080/login/oauth2/code/github
-              redirect-uri: http://localhost:8080/login/oauth2/code/github
+          github-client-2:
-            github-client-2:
+            client-id: ${APP-CLIENT-ID}
-              client-id: ${APP-CLIENT-ID}
+            client-secret: ${APP-CLIENT-SECRET}
-              client-secret: ${APP-CLIENT-SECRET}
+            client-name: Github email
-              client-name: Github email
+            provider: github
-              provider: github
+            scope: user:email
-              scope: user:email
+            redirect-uri: http://localhost:8080/login/oauth2/code/github
-              redirect-uri: http://localhost:8080/login/oauth2/code/github
+          yahoo-oidc:
-            yahoo-oidc:
+            client-id: ${YAHOO-CLIENT-ID}
-              client-id: ${YAHOO-CLIENT-ID}
+            client-secret: ${YAHOO-CLIENT-SECRET}
-              client-secret: ${YAHOO-CLIENT-SECRET}
+          github-repos:
-          authorization_code:
+            client-id: ${APP-CLIENT-ID}
-            github-repos:
+            client-secret: ${APP-CLIENT-SECRET}
-              client-id: ${APP-CLIENT-ID}
+            scope: public_repo
-              client-secret: ${APP-CLIENT-SECRET}
+            redirect-uri: "{baseUrl}/github-repos"
-              scope: public_repo
+            provider: github
-              redirect-uri: "{baseUrl}/github-repos"
+            client-name: GitHub Repositories
-              provider: github
-              client-name: GitHub Repositories
        provider:
          yahoo-oidc:
            issuer-uri: https://api.login.yahoo.com/
\ No newline at end of file
--- a/spring-boot-samples/spring-boot-sample-oauth2-client/src/test/java/sample/oauth2/client/SampleOAuth2ClientApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-oauth2-client/src/test/java/sample/oauth2/client/SampleOAuth2ClientApplicationTests.java
@@ -53,20 +53,13 @@ public class SampleOAuth2ClientApplicationTests {
 	}
 	@Test
-	public void loginShouldHaveBothOAuth2LoginClientsToChooseFrom() {
+	public void loginShouldHaveAllOAuth2ClientsToChooseFrom() {
 		ResponseEntity<String> entity = this.restTemplate.getForEntity("/login",
 				String.class);
 		assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
 		assertThat(entity.getBody()).contains("/oauth2/authorization/yahoo");
 		assertThat(entity.getBody()).contains("/oauth2/authorization/github-client-1");
 		assertThat(entity.getBody()).contains("/oauth2/authorization/github-client-2");
-	}
-	@Test
-	public void authorizationCodeClientIsPresent() {
-		ResponseEntity<String> entity = this.restTemplate.getForEntity("/login",
-				String.class);
-		assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
 		assertThat(entity.getBody()).contains("/oauth2/authorization/github-repos");
 	}

--- a/spring-boot-samples/spring-boot-sample-reactive-oauth2-client/src/main/resources/application.yml
+++ b/spring-boot-samples/spring-boot-sample-reactive-oauth2-client/src/main/resources/application.yml
@@ -3,24 +3,23 @@ spring:
    oauth2:
      client:
        registration:
-          login:
+          github-client-1:
-            github-client-1:
+            client-id: ${APP-CLIENT-ID}
-              client-id: ${APP-CLIENT-ID}
+            client-secret: ${APP-CLIENT-SECRET}
-              client-secret: ${APP-CLIENT-SECRET}
+            client-name: Github user
-              client-name: Github user
+            provider: github
-              provider: github
+            scope: user
-              scope: user
+            redirect-uri: http://localhost:8080/login/oauth2/code/github
-              redirect-uri: http://localhost:8080/login/oauth2/code/github
+          github-client-2:
-            github-client-2:
+            client-id: ${APP-CLIENT-ID}
-              client-id: ${APP-CLIENT-ID}
+            client-secret: ${APP-CLIENT-SECRET}
-              client-secret: ${APP-CLIENT-SECRET}
+            client-name: Github email
-              client-name: Github email
+            provider: github
-              provider: github
+            scope: user:email
-              scope: user:email
+            redirect-uri: http://localhost:8080/login/oauth2/code/github
-              redirect-uri: http://localhost:8080/login/oauth2/code/github
+          yahoo-oidc:
-            yahoo-oidc:
+            client-id: ${YAHOO-CLIENT-ID}
-              client-id: ${YAHOO-CLIENT-ID}
+            client-secret: ${YAHOO-CLIENT-SECRET}
-              client-secret: ${YAHOO-CLIENT-SECRET}
        provider:
          yahoo-oidc:
            issuer-uri: https://api.login.yahoo.com/
\ No newline at end of file