Consider adding runtime hints to support oauth2Login() and oauth2Client()

[msosa]

Describe the bug
When running a native spring boot image with spring security and redis sessions I get an error both with JDK serialization and the json serialization when trying to login via oauth2. It looks like there is this bug in spring session which seems related.

Specifically for the jackson error it looks like this not all the modules are in the loader

SecurityJackson2Modules.getModules(this.loader)

in particular these

org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module
org.springframework.security.web.jackson2.WebJackson2Module
org.springframework.security.web.server.jackson2.WebServerJackson2Module

are missing in the native image, but not the non-native image

To Reproduce
The Steps to reproduce are in the readme of the sample

Expected behavior
There should be no error when running a native image

Sample

Sample

A snippet from the error

org.springframework.data.redis.serializer.SerializationException: Could not read JSON:Class org.springframework.security.oauth2.client.jackson2.OAuth2AuthorizationRequestDeserializer has no default (no arg) constructor

[BenEfrati]

#15764 (comment)

[msosa]

Thanks @BenEfrati , I gave that a try(and the comment a little further down) but still see an error with both jdk and json serializer

[jgrandja]

@msosa Take a look at this working sample and specifically these runtime hints.

[msosa]

thanks @jgrandja that seems to fix the logging in issue!

Just a note and not sure it matters but I am using reactive and some of those hints were specifically for non reactive class. It still worked regardless though.

There is also one more issue I think now that login works. Going to /logout causes another new error

2025-11-14T21:00:56.161Z ERROR 1 --- [llEventLoop-5-1] a.w.r.e.AbstractErrorWebExceptionHandler : [2357269e-4]  500 Server Error for HTTP POST "/logout"

org.springframework.data.redis.serializer.SerializationException: Could not read JSON:Could not resolve subtype of [simple type, class java.lang.Object]: missing type id property '@class'

and here is what's in redis

"HMSET" "spring:session:sessions:b8a686f2-f97d-44a4-8882-7ba437cfd456" "lastAccessedTime" "1763156397112" "sessionAttr:org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository.CSRF_TOKEN" "{\"token\":\"a3dfeda2-c26f-1d0e-97d0-14e06b133e3b\",\"parameterName\":\"_csrf\",\"headerName\":\"X-CSRF-TOKEN\"}"

[msosa]

@jgrandja I had a little more time to look at it, the logout issue was due to some additional reactive classes missing hints, I made some swaps and got it to work locally

WebServletJackson2Module -> WebServerJackson2Module
DefaultCsrfTokenMixin -> DefaultCsrfServerTokenMixin
org.springframework.security.web.csrf.DefaultCsrfToken -> org.springframework.security.web.server.csrf.DefaultCsrfToken