// the find
ch4mpy/spring-addons
Additional Spring Boot auto-configuration for OAuth2 / OpenID & REST
A Spring Boot auto-configuration library that handles the boilerplate OAuth2/OIDC setup that spring-security-oauth2 leaves you to figure out yourself. It targets Spring Boot backends acting as resource servers or OAuth2 clients, covering Keycloak, Auth0, Cognito, and any spec-compliant provider. If you've ever spent a day debugging a SecurityFilterChain to accept tokens from two issuers, this is aimed at you.
The `@ConditionalOnMissingBean` design is the right call — you can override exactly the one component you need without rewriting the entire security chain. The `@WithJwt` test annotation actually runs your authentication converter, unlike `spring-security-test`'s `.jwt()` post-processor which skips it, so your authority-mapping logic gets tested. The `spring-addons-starter-rest` proxy/SSL/OAuth2 client config via YAML is a real time-saver for microservice-to-microservice calls where bearer forwarding or client_credentials grants are needed. Actively maintained and already on Spring Boot 4.0.7 / Security 7.1.x as of today.
666 stars after what appears to be several years of work suggests this fills a niche rather than a broad audience — Spring Boot 4 made some of this easier natively, so the value gap is narrowing. The REST client module is explicitly marked experimental, which makes it risky to build on for anything production-critical. Documentation is split across the repo, Baeldung articles, and per-module READMEs, making it harder than it should be to get a complete picture quickly. If you're not on Keycloak, Auth0, or Cognito, provider-specific config examples are sparse — you're on your own for anything unusual.