diff --git a/docs/Next-Step-Server.md b/docs/Next-Step-Server.md
index 83eca9be0..94530a014 100644
--- a/docs/Next-Step-Server.md
+++ b/docs/Next-Step-Server.md
@@ -74,15 +74,10 @@ The Next Step Server functionality is described in details in [Next Step Server
You may configure OpenID Connect (OIDC) authentication.
-| Property | Default value | Description |
-|--------------------------------------------------------------------------------------------|--------------------------|-------------------------------------------------------------------------------------------------------------------------------|
-| `powerauth.nextstep.security.auth.type` | | `OIDC` for OpenID Connect. If OIDC enabled, the properties bellow must be configured. |
-| `spring.security.oauth2.client.registration.nextstep-oidc-client.provider` | `nextstep-oidc-provider` | Should be `nextstep-oidc-provider`, defines the key for the `issuer-uri` property, see below. |
-| `spring.security.oauth2.client.registration.nextstep-oidc-client.client-id` | | Client ID for authentication to the provider. |
-| `spring.security.oauth2.client.registration.nextstep-oidc-client.client-secret` | | Client secret for authentication to the provider. |
-| `spring.security.oauth2.client.registration.nextstep-oidc-client.authorization-grant-type` | `authorization_code` | Authorization grant type. Should be `authorization_code`. |
-| `spring.security.oauth2.client.registration.nextstep-oidc-client.scope` | `openid` | Authorization scopes. Should be `openid`. |
-| `spring.security.oauth2.client.registration.nextstep-oidc-client.redirectUri` | | Redirect URI from the provider back to the NextStep, e.g. `http://localhost:8080//powerauth-nextstep/login/oauth2/code/azure` |
-| `spring.security.oauth2.client.provider.nextstep-oidc-provider.issuer-uri` | | URL of the provider, e.g. `https://sts.windows.net/example/` |
+| Property | Default value | Description |
+|---------------------------------------------------------|---------------|---------------------------------------------------------------------------------------|
+| `powerauth.nextstep.security.auth.type` | | `OIDC` for OpenID Connect. If OIDC enabled, the properties bellow must be configured. |
+| `spring.security.oauth2.resource-server.jwt.issuer-uri` | | URL of the provider, e.g. `https://sts.windows.net/example/` |
+| `spring.security.oauth2.resource-server.jwt.audiences` | | A comma-separated list of allowed `aud` JWT claim values to be validated. |
See the [Spring Security documentation](https://docs.spring.io/spring-security/reference/servlet/oauth2/index.html#oauth2-client-log-users-in) and [OpenID Connect UserInfo endpoint](https://connect2id.com/products/server/docs/api/userinfo) for details.
diff --git a/powerauth-nextstep/pom.xml b/powerauth-nextstep/pom.xml
index 749b7c4c6..4339794ac 100644
--- a/powerauth-nextstep/pom.xml
+++ b/powerauth-nextstep/pom.xml
@@ -61,7 +61,7 @@
org.springframework.boot
- spring-boot-starter-oauth2-client
+ spring-boot-starter-oauth2-resource-server
org.springframework.boot
diff --git a/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/NextStepApplication.java b/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/NextStepApplication.java
index c7eb2ccee..a3a898b2b 100644
--- a/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/NextStepApplication.java
+++ b/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/NextStepApplication.java
@@ -21,7 +21,6 @@
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.scheduling.annotation.EnableScheduling;
@@ -32,7 +31,7 @@
*
* @author Roman Strobl, roman.strobl@wultra.com
*/
-@SpringBootApplication(exclude = OAuth2ClientAutoConfiguration.class) // OAuth2Client dependency is included, but configuration is optional
+@SpringBootApplication
@EnableScheduling
@ComponentScan(basePackages = {"io.getlime.security.powerauth.app.nextstep", "com.wultra.core.audit.base"})
public class NextStepApplication {
diff --git a/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/configuration/SecurityConfig.java b/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/configuration/SecurityConfig.java
index 9b3355d65..4417b80fc 100644
--- a/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/configuration/SecurityConfig.java
+++ b/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/configuration/SecurityConfig.java
@@ -19,11 +19,8 @@
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -57,13 +54,10 @@ public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception
logger.info("Initializing OIDC authentication.");
http.authorizeHttpRequests(authorize -> authorize
.requestMatchers(
- new AntPathRequestMatcher("/login/oauth2/**"),
new AntPathRequestMatcher("/api/service/status"),
- new AntPathRequestMatcher("/actuator/**"))
- .permitAll()
- .anyRequest()
- .fullyAuthenticated())
- .oauth2Login(withDefaults());
+ new AntPathRequestMatcher("/actuator/**")).permitAll()
+ .anyRequest().fullyAuthenticated())
+ .oauth2ResourceServer(oauth2 -> oauth2.jwt(withDefaults()));
} else {
logger.info("No authentication configured");
http.httpBasic(AbstractHttpConfigurer::disable);
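Review bot: The new `.oauth2ResourceServer(oauth2 -> oauth2.jwt(withDefaults()))` branch declares no session policy, so whether a bearer-authenticated request may create and later reuse an HTTP session depends on what the rest of `filterChain` configures outside this hunk (the method starts before the hunk and its `.build()` follows in a later one). For a pure bearer-token resource server the usual companion line is `http.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));` next to the `oauth2ResourceServer` call, so that access is decided by the JWT on every request and nothing outlives the token's `exp`; Spring Security 6's bearer filter does not itself persist the context to the session, but making the policy explicit also keeps other filters from creating one. If the method already sets this elsewhere the point is moot. The `/actuator/**` permitAll is carried over unchanged, so which actuator endpoints are reachable anonymously is still governed by the management exposure properties rather than by this chain.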
@@ -74,13 +68,6 @@ public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception
.build();
}
- @Configuration
- @ConditionalOnProperty(name = "powerauth.nextstep.security.auth.type", havingValue = "OIDC")
- @Import(OAuth2ClientAutoConfiguration.class)
- public static class OAuth2ClientConfiguration {
- // no code on purpose, only config class
- }
-
enum AuthType {
NONE,
diff --git a/powerauth-nextstep/src/main/resources/application.properties b/powerauth-nextstep/src/main/resources/application.properties
index d67645e22..9eade1abb 100644
--- a/powerauth-nextstep/src/main/resources/application.properties
+++ b/powerauth-nextstep/src/main/resources/application.properties
@@ -72,13 +72,8 @@ logging.config=${POWERAUTH_NEXTSTEP_LOGGING:}
# OpenID Connect (OIDC) Settings
#powerauth.nextstep.security.auth.type=OIDC
-spring.security.oauth2.client.registration.nextstep-oidc-client.provider=nextstep-oidc-provider
-spring.security.oauth2.client.registration.nextstep-oidc-client.client-id=
-spring.security.oauth2.client.registration.nextstep-oidc-client.client-secret=
-spring.security.oauth2.client.registration.nextstep-oidc-client.authorization-grant-type=authorization_code
-spring.security.oauth2.client.registration.nextstep-oidc-client.scope=openid
-spring.security.oauth2.client.registration.nextstep-oidc-client.redirectUri=
-spring.security.oauth2.client.provider.nextstep-oidc-provider.issuer-uri=
+spring.security.oauth2.resource-server.jwt.issuer-uri=
+spring.security.oauth2.resource-server.jwt.audiences=
# Monitoring
management.tracing.sampling.probability=1.0
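Review bot: `spring.security.oauth2.resource-server.jwt.audiences=` ships empty, and an empty audience list means the auto-configured `JwtDecoder` checks issuer, signature and expiry but never the `aud` claim, so once `powerauth.nextstep.security.auth.type=OIDC` is enabled any token minted by that issuer for a different application is accepted here. A comment above the key, e.g. `# Leave audiences empty only if the issuer is dedicated to Next Step; otherwise list the expected aud values`, would make that fail-open default visible to operators (the docs table row for the same property would benefit from the same sentence). The keys are also spelled `resource-server` while Spring Boot documents the prefix as `spring.security.oauth2.resourceserver`; relaxed binding appears to ignore the dash, but the canonical spelling spares a reader from having to verify that the keys bind at all. Note too that `audiences` is only honoured by Boot versions that know the property — the Boot version is not visible in this diff, and an unknown key is silently ignored rather than rejected, which would leave the `aud` check off without any warning.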
diff --git a/powerauth-nextstep/src/test/resources/application-test.properties b/powerauth-nextstep/src/test/resources/application-test.properties
index a59370aef..df8164063 100644
--- a/powerauth-nextstep/src/test/resources/application-test.properties
+++ b/powerauth-nextstep/src/test/resources/application-test.properties
@@ -13,5 +13,3 @@ powerauth.nextstep.db.master.encryption.key=Bq9h3/QiGTAChopid3Xd4ZDzaJ5rkrqBuzy2
# Liquibase
spring.liquibase.enabled=false
-
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration