Pick end_session_endpoint from OpenID conf first, then spring-addons …

…logout one

samples/tutorials/reactive-client/README.md

@@ -244,12 +244,18 @@ static class DelegatingOidcClientInitiatedServerLogoutSuccessHandler implements
             String postLogoutRedirectUri) {
         delegates = StreamSupport.stream(clientRegistrationRepository.spliterator(), false)
                 .collect(Collectors.toMap(ClientRegistration::getRegistrationId, clientRegistration -> {
-                    final var registrationProperties = properties.getRegistration().get(clientRegistration.getRegistrationId());
-                    if (registrationProperties == null) {
+                    final var endSessionEnpoint = (String) (clientRegistration.getProviderDetails().getConfigurationMetadata().get("end_session_endpoint"));
+                    if (StringUtils.hasText(endSessionEnpoint)) {
                         final var handler = new OidcClientInitiatedServerLogoutSuccessHandler(clientRegistrationRepository);
                         handler.setPostLogoutRedirectUri(postLogoutRedirectUri);
                         return handler;
                     }
+                    final var registrationProperties = properties.getRegistration().get(clientRegistration.getRegistrationId());
+                    if (registrationProperties == null) {
+                        throw new MisconfigurationException(
+                                "OAuth2 client registration \"%s\" has no end_session_endpoint in OpenID configuration nor spring-addons logout properties"
+                                        .formatted(clientRegistration.getRegistrationId()));
+                    }
                     return new AlmostOidcClientInitiatedServerLogoutSuccessHandler(registrationProperties, clientRegistration, postLogoutRedirectUri);
                 }));
     }
@@ -262,7 +268,7 @@ static class DelegatingOidcClientInitiatedServerLogoutSuccessHandler implements
 
 }
 ```
-This handler switches between Spring's `OidcClientInitiatedServerLogoutSuccessHandler` and our `AlmostOidcClientInitiatedServerLogoutSuccessHandler` depending on the configuration properties.
+This handler switches between Spring's `OidcClientInitiatedServerLogoutSuccessHandler` (used if the `.well-known/openid-configuration` exposes an `end_session_endpont`) and our `AlmostOidcClientInitiatedServerLogoutSuccessHandler` (if the logout configuration properties are present, or throws an exception).
 
 Last we need to update the security filter-chain to use the new `DelegatingOidcClientInitiatedServerLogoutSuccessHandler`:
 ```java

samples/tutorials/reactive-client/src/main/java/com/c4soft/springaddons/tutorials/WebSecurityConfig.java

@@ -1,5 +1,7 @@
 package com.c4soft.springaddons.tutorials;
 
+import static org.springframework.security.config.Customizer.withDefaults;
+
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URL;
@@ -45,12 +47,14 @@
 import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
 import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;
 import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 
+import com.c4soft.springaddons.tutorials.WebSecurityConfig.AuthoritiesMappingProperties.MisconfigurationException;
 import com.jayway.jsonpath.JsonPath;
 import com.jayway.jsonpath.PathNotFoundException;
 
@@ -69,7 +73,7 @@ SecurityWebFilterChain clientSecurityFilterChain(
 			InMemoryReactiveClientRegistrationRepository clientRegistrationRepository,
 			LogoutProperties logoutProperties) {
 		http.addFilterBefore(loginPageWebFilter(), SecurityWebFiltersOrder.LOGIN_PAGE_GENERATING);
-		http.oauth2Login();
+		http.oauth2Login(withDefaults());
 		http.logout(logout -> {
 			logout.logoutSuccessHandler(
 					new DelegatingOidcClientInitiatedServerLogoutSuccessHandler(clientRegistrationRepository, logoutProperties, "{baseUrl}"));
@@ -189,12 +193,18 @@ public DelegatingOidcClientInitiatedServerLogoutSuccessHandler(
 				String postLogoutRedirectUri) {
 			delegates = StreamSupport.stream(clientRegistrationRepository.spliterator(), false)
 					.collect(Collectors.toMap(ClientRegistration::getRegistrationId, clientRegistration -> {
-						final var registrationProperties = properties.getRegistration().get(clientRegistration.getRegistrationId());
-						if (registrationProperties == null) {
+						final var endSessionEnpoint = (String) (clientRegistration.getProviderDetails().getConfigurationMetadata().get("end_session_endpoint"));
+						if (StringUtils.hasText(endSessionEnpoint)) {
 							final var handler = new OidcClientInitiatedServerLogoutSuccessHandler(clientRegistrationRepository);
 							handler.setPostLogoutRedirectUri(postLogoutRedirectUri);
 							return handler;
 						}
+						final var registrationProperties = properties.getRegistration().get(clientRegistration.getRegistrationId());
+						if (registrationProperties == null) {
+							throw new MisconfigurationException(
+									"OAuth2 client registration \"%s\" has no end_session_endpoint in OpenID configuration nor spring-addons logout properties"
+											.formatted(clientRegistration.getRegistrationId()));
+						}
 						return new AlmostOidcClientInitiatedServerLogoutSuccessHandler(registrationProperties, clientRegistration, postLogoutRedirectUri);
 					}));
 		}

spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/BearerAuthenticationSource.java

@@ -31,6 +31,7 @@
  *
  * @author Jerome Wacongne ch4mp@c4-soft.com
  * @see    ParameterizedBearerAuth
+ * @since  6.1.12
  */
 @Target({ ElementType.ANNOTATION_TYPE, ElementType.METHOD })
 @Retention(RetentionPolicy.RUNTIME)

spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/JwtAuthenticationSource.java

@@ -31,6 +31,7 @@
  *
  * @author Jerome Wacongne ch4mp@c4-soft.com
  * @see    ParameterizedJwtAuth
+ * @since  6.1.12
  */
 @Target({ ElementType.ANNOTATION_TYPE, ElementType.METHOD })
 @Retention(RetentionPolicy.RUNTIME)

spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/OAuth2LoginAuthenticationSource.java

@@ -31,6 +31,7 @@
  *
  * @author Jerome Wacongne ch4mp@c4-soft.com
  * @see    ParameterizedOAuth2Login
+ * @since  6.1.12
  */
 @Target({ ElementType.ANNOTATION_TYPE, ElementType.METHOD })
 @Retention(RetentionPolicy.RUNTIME)

spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/OidcLoginAuthenticationSource.java

@@ -31,6 +31,7 @@
  *
  * @author Jerome Wacongne ch4mp@c4-soft.com
  * @see    ParameterizedOidcLogin
+ * @since  6.1.12
  */
 @Target({ ElementType.ANNOTATION_TYPE, ElementType.METHOD })
 @Retention(RetentionPolicy.RUNTIME)

spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/OpenIdAuthenticationSource.java

@@ -32,6 +32,7 @@
  *
  * @author Jerome Wacongne ch4mp@c4-soft.com
  * @see    ParameterizedOpenId
+ * @since  6.1.12
  */
 @Target({ ElementType.ANNOTATION_TYPE, ElementType.METHOD })
 @Retention(RetentionPolicy.RUNTIME)

spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/ParameterizedBearerAuth.java

@@ -26,6 +26,7 @@
  *
  * @author Jerome Wacongne ch4mp@c4-soft.com
  * @see    BearerAuthenticationSource
+ * @since  6.1.12
  */
 @Target({ ElementType.ANNOTATION_TYPE, ElementType.PARAMETER })
 @Retention(RetentionPolicy.RUNTIME)

spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/ParameterizedJwtAuth.java

@@ -26,6 +26,7 @@
  *
  * @author Jerome Wacongne ch4mp@c4-soft.com
  * @see    JwtAuthenticationSource
+ * @since  6.1.12
  */
 @Target({ ElementType.ANNOTATION_TYPE, ElementType.PARAMETER })
 @Retention(RetentionPolicy.RUNTIME)

spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/ParameterizedOAuth2Login.java

@@ -26,6 +26,7 @@
  *
  * @author Jerome Wacongne ch4mp@c4-soft.com
  * @see    OAuth2LoginAuthenticationSource
+ * @since  6.1.12
  */
 @Target({ ElementType.ANNOTATION_TYPE, ElementType.PARAMETER })
 @Retention(RetentionPolicy.RUNTIME)

spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/ParameterizedOidcLogin.java

@@ -26,6 +26,7 @@
  *
  * @author Jerome Wacongne ch4mp@c4-soft.com
  * @see    OidcLoginAuthenticationSource
+ * @since  6.1.12
  */
 @Target({ ElementType.ANNOTATION_TYPE, ElementType.PARAMETER })
 @Retention(RetentionPolicy.RUNTIME)

spring-addons-oauth2-test/src/main/java/com/c4_soft/springaddons/security/oauth2/test/annotations/parameterized/ParameterizedOpenId.java

@@ -28,6 +28,7 @@
  *
  * @author Jerome Wacongne ch4mp@c4-soft.com
  * @see    OpenIdAuthenticationSource
+ * @since  6.1.12
  */
 @Target({ ElementType.ANNOTATION_TYPE, ElementType.PARAMETER })
 @Retention(RetentionPolicy.RUNTIME)