From 4deb7398411a6e186bd620ce166956bae766d0de Mon Sep 17 00:00:00 2001
From: Justin Field <justin.field@armory.io>
Date: Mon, 19 Apr 2021 16:21:32 -0700
Subject: [PATCH] refactor(oauth): allow extension projects to override
 spinnaker user info token services primary bean, by explicitly disabling it
 (#1456)

---
 .../spinnaker/gate/security/oauth2/OAuth2SsoConfig.groovy   | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/gate-oauth2/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SsoConfig.groovy b/gate-oauth2/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SsoConfig.groovy
index b6ed6b21cf..d5a3414f67 100644
--- a/gate-oauth2/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SsoConfig.groovy
+++ b/gate-oauth2/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SsoConfig.groovy
@@ -20,6 +20,7 @@ import com.netflix.spinnaker.gate.config.AuthConfig
 import com.netflix.spinnaker.gate.security.SpinnakerAuthConfig
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
 import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2SsoProperties
 import org.springframework.boot.context.properties.ConfigurationProperties
@@ -68,6 +69,11 @@ class OAuth2SsoConfig extends WebSecurityConfigurerAdapter {
 
   @Primary
   @Bean
+  @ConditionalOnProperty(
+    prefix = 'security.oauth2.resource.spinnaker-user-info-token-services',
+    name = 'enabled',
+    havingValue = 'true',
+    matchIfMissing = true)
   ResourceServerTokenServices spinnakerUserInfoTokenServices() {
     new SpinnakerUserInfoTokenServices()
   }