fix(kotlin-spring): use modern OAuth2 client config for Spring Boot 4 spring-cloud library

Add useSpringBoot4 conditionals to clientConfiguration.mustache so SB4
uses OAuth2AuthorizedClientManager instead of legacy OAuth2FeignRequestInterceptor
and *ResourceDetails classes that don't exist in Spring Boot 4.

Author: yonatankarp

modules/openapi-generator/src/main/resources/kotlin-spring/libraries/spring-cloud/clientConfiguration.mustache

@@ -8,17 +8,20 @@ import feign.auth.BasicAuthRequestInterceptor
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
 {{/-first}}
+{{^useSpringBoot4}}
 {{#isOAuth}}
 import org.springframework.boot.context.properties.ConfigurationProperties
 {{/isOAuth}}
+{{/useSpringBoot4}}
 {{/authMethods}}
+{{^useSpringBoot4}}
 import org.springframework.boot.context.properties.EnableConfigurationProperties
-{{#authMethods}}
-{{#-first}}
+{{/useSpringBoot4}}
+{{#hasAuthMethods}}
 import org.springframework.context.annotation.Bean
-{{/-first}}
-{{/authMethods}}
+{{/hasAuthMethods}}
 import org.springframework.context.annotation.Configuration
+{{^useSpringBoot4}}
 {{#authMethods}}
 {{#isOAuth}}
 import org.springframework.cloud.openfeign.security.OAuth2FeignRequestInterceptor
@@ -38,9 +41,29 @@ import org.springframework.security.oauth2.client.token.grant.password.ResourceO
 {{/isPassword}}
 {{/isOAuth}}
 {{/authMethods}}
+{{/useSpringBoot4}}
+{{#useSpringBoot4}}
+{{#hasOAuthMethods}}
+import org.springframework.security.authentication.AnonymousAuthenticationToken
+import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
+import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException
+import org.springframework.security.oauth2.core.OAuth2AccessToken
+import org.springframework.security.core.authority.AuthorityUtils
+import org.springframework.http.HttpHeaders
+
+import feign.RequestInterceptor
+import feign.RequestTemplate
+{{/hasOAuthMethods}}
+{{/useSpringBoot4}}
 
 @Configuration
+{{^useSpringBoot4}}
 @EnableConfigurationProperties
+{{/useSpringBoot4}}
 class ClientConfiguration {
 
     {{#authMethods}}
@@ -70,6 +93,7 @@ class ClientConfiguration {
 
     {{/isApiKey}}
     {{#isOAuth}}
+{{^useSpringBoot4}}
     @Bean
     @ConditionalOnProperty("{{#lambda.lowercase}}{{{title}}}{{/lambda.lowercase}}.security.{{{name}}}.client-id")
     fun {{#lambda.camelcase}}{{{name}}}{{/lambda.camelcase}}RequestInterceptor(oAuth2ClientContext: OAuth2ClientContext): OAuth2FeignRequestInterceptor {
@@ -127,6 +151,61 @@ class ClientConfiguration {
     }
 
     {{/isImplicit}}
+{{/useSpringBoot4}}
+{{#useSpringBoot4}}
+    @Bean
+    @ConditionalOnProperty(prefix = "spring.security.oauth2.client.registration.{{{name}}}{{#lambda.pascalcase}}{{{flow}}}{{/lambda.pascalcase}}", name = ["enabled"], havingValue = "true")
+    fun {{{flow}}}OAuth2RequestInterceptor({{{flow}}}AuthorizedClientManager: OAuth2AuthorizedClientManager): OAuth2RequestInterceptor {
+        return OAuth2RequestInterceptor(
+            OAuth2AuthorizeRequest.withClientRegistrationId("{{{name}}}{{#lambda.pascalcase}}{{{flow}}}{{/lambda.pascalcase}}")
+                .principal(AnonymousAuthenticationToken(CLIENT_PRINCIPAL_{{#lambda.uppercase}}{{{flow}}}{{/lambda.uppercase}}, CLIENT_PRINCIPAL_{{#lambda.uppercase}}{{{flow}}}{{/lambda.uppercase}}, AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")))
+                .build(),
+            {{{flow}}}AuthorizedClientManager
+        )
+    }
+
+    @Bean
+    @ConditionalOnProperty(prefix = "spring.security.oauth2.client.registration.{{{name}}}{{#lambda.pascalcase}}{{{flow}}}{{/lambda.pascalcase}}", name = ["enabled"], havingValue = "true")
+    fun {{{flow}}}AuthorizedClientManager(
+        clientRegistrationRepository: ClientRegistrationRepository,
+        authorizedClientService: OAuth2AuthorizedClientService
+    ): OAuth2AuthorizedClientManager {
+        return AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientService)
+    }
+
+{{/useSpringBoot4}}
     {{/isOAuth}}
     {{/authMethods}}
-}
+{{#useSpringBoot4}}
+    {{#hasOAuthMethods}}
+    class OAuth2RequestInterceptor(
+        private val oAuth2AuthorizeRequest: OAuth2AuthorizeRequest,
+        private val oAuth2AuthorizedClientManager: OAuth2AuthorizedClientManager
+    ) : RequestInterceptor {
+
+        override fun apply(template: RequestTemplate) {
+            template.header(HttpHeaders.AUTHORIZATION, getBearerToken())
+        }
+
+        fun getAccessToken(): OAuth2AccessToken {
+            val authorizedClient = oAuth2AuthorizedClientManager.authorize(oAuth2AuthorizeRequest)
+                ?: throw OAuth2AuthenticationException("Client failed to authenticate")
+            return authorizedClient.accessToken
+        }
+
+        fun getBearerToken(): String {
+            val accessToken = getAccessToken()
+            return String.format(java.util.Locale.ROOT, "%s %s", accessToken.tokenType?.value, accessToken.tokenValue)
+        }
+    }
+
+    companion object {
+        {{#authMethods}}
+        {{#isOAuth}}
+        private const val CLIENT_PRINCIPAL_{{#lambda.uppercase}}{{{flow}}}{{/lambda.uppercase}} = "oauth2FeignClient"
+        {{/isOAuth}}
+        {{/authMethods}}
+    }
+    {{/hasOAuthMethods}}
+{{/useSpringBoot4}}
+}

modules/openapi-generator/src/test/java/org/openapitools/codegen/kotlin/spring/KotlinSpringServerCodegenTest.java

@@ -4967,6 +4967,49 @@ public void shouldDeclareSpringdocVersionWhenSwaggerUIDisabled() throws IOExcept
                 pomContent.indexOf("</properties>"));
         assertThat(propertiesBlock).contains("<springdoc-openapi.version>");
     }
+
+    @Test
+    public void shouldNotUseLegacyOAuth2WithSpringBoot4CloudLibrary() throws IOException {
+        File output = Files.createTempDirectory("test").toFile().getCanonicalFile();
+        output.deleteOnExit();
+        String outputPath = output.getAbsolutePath().replace('\\', '/');
+
+        final OpenAPI openAPI = TestUtils.parseFlattenSpec(
+                "src/test/resources/3_0/petstore-with-fake-endpoints-models-for-testing.yaml");
+        final KotlinSpringServerCodegen codegen = new KotlinSpringServerCodegen();
+        codegen.setOpenAPI(openAPI);
+        codegen.setOutputDir(output.getAbsolutePath());
+        codegen.setLibrary("spring-cloud");
+
+        codegen.additionalProperties().put(KotlinSpringServerCodegen.USE_SPRING_BOOT4, "true");
+        codegen.additionalProperties().put(DOCUMENTATION_PROVIDER, DocumentationProvider.NONE.toCliOptValue());
+        codegen.additionalProperties().put(ANNOTATION_LIBRARY, AnnotationLibrary.NONE.toCliOptValue());
+
+        ClientOptInput input = new ClientOptInput();
+        input.openAPI(openAPI);
+        input.config(codegen);
+
+        DefaultGenerator generator = new DefaultGenerator();
+        generator.setGenerateMetadata(false);
+        generator.opts(input).generate();
+
+        Path clientConfigPath = Paths.get(outputPath + "/src/main/kotlin/org/openapitools/configuration/ClientConfiguration.kt");
+        // Legacy OAuth2 classes must NOT be present
+        assertFileNotContains(clientConfigPath, "DefaultOAuth2ClientContext");
+        assertFileNotContains(clientConfigPath, "OAuth2FeignRequestInterceptor");
+        assertFileNotContains(clientConfigPath, "ClientCredentialsResourceDetails");
+        assertFileNotContains(clientConfigPath, "AuthorizationCodeResourceDetails");
+        assertFileNotContains(clientConfigPath, "ImplicitResourceDetails");
+        assertFileNotContains(clientConfigPath, "ResourceOwnerPasswordResourceDetails");
+
+        // Modern OAuth2 client classes MUST be present
+        assertFileContains(clientConfigPath, "OAuth2AuthorizedClientManager");
+        assertFileContains(clientConfigPath, "AuthorizedClientServiceOAuth2AuthorizedClientManager");
+        assertFileContains(clientConfigPath, "OAuth2AuthorizeRequest");
+        assertFileContains(clientConfigPath, "OAuth2AuthorizedClientService");
+        assertFileContains(clientConfigPath, "ClientRegistrationRepository");
+        assertFileContains(clientConfigPath, "OAuth2RequestInterceptor");
+    }
 }