AuthenticationPrincipal is null only with Postman request

I am trying to run the below application locally (with necessary config changes related to OKTA).

All is working fine when the application is accessed by browser. Authentication is working fine at OKTA and redirected to the application correctly.

But when I tried the same API using Postman, OidcUser is coming as null. I generated accessToken from Postman with grant_type client_credentials.

@AuthenticationPrincipal OidcUser oidcUser

Any clues?


My guess is this is how Spring Security works. It will populate this parameter if you login with a browser, but not if you send an access token. You could use the access token to call the /userinfo endpoint and get the user’s information that way. Or you could use Jwt instead of OidcUser, like this example shows.

public String index(@AuthenticationPrincipal Jwt jwt) {
    // With bearer-token auth the principal is the validated JWT access token
    return String.format("Hello, %s!", jwt.getSubject());
}

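The split described in the answer above, as an added example that is not code from the original posts: one filter chain accepts both browser logins and bearer tokens, and a handler reports which principal type each request carries. It assumes Spring Security 6 with the OAuth2 client and resource-server starters on the classpath and the issuer configured in application properties; the class names and the `/whoami` path are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
class DualAuthSecurityConfig { // hypothetical name
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Browser flow: authorization code + ID token, principal is an OidcUser
            .oauth2Login(Customizer.withDefaults())
            // API flow: "Authorization: Bearer <token>", principal is a Jwt
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
        return http.build();
    }
}

@RestController
class WhoAmIController { // hypothetical name
    @GetMapping("/whoami")
    String whoami(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof OidcUser oidcUser) {
            // Session created by oauth2Login: claims come from the ID token
            return "Browser login, subject: " + oidcUser.getSubject();
        }
        if (principal instanceof Jwt jwt) {
            // Bearer request: there is no ID token, so no OidcUser is built.
            // With client_credentials no end user took part in the grant.
            return "Bearer token, subject: " + jwt.getSubject();
        }
        throw new IllegalStateException("Unexpected principal type: " + principal.getClass());
    }
}
```

By default the resource server checks the token's signature, timestamps and issuer; add an audience validator if the API should only accept tokens minted for it.
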
Thank you so much @mraible

What could we do to make Spring provide the OidcUser (or any Principal for that matter) directly in controller methods when using only an access_token for auth?