Spring Security 5 : There is no PasswordEncoder mapped for the id "null"

When you are configuring the ClientDetailsServiceConfigurer, you have to also apply the new password storage format to the client secret.

.secret("{noop}secret")

Add .password("{noop}password") to Security config file.

For example :

auth.inMemoryAuthentication()        .withUser("admin").roles("ADMIN").password("{noop}password");

For anyone facing the same issue and not in need of a secure solution - for testing and debugging mainly - in memory users can still be configured.

This is just for playing around - no real world scenario.

The approach used below is deprecated.

This is where I got it from:

• source
• reference, also mentioned in the source above

Within your WebSecurityConfigurerAdapter add the following:

@SuppressWarnings("deprecation")@Beanpublic static NoOpPasswordEncoder passwordEncoder() {return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();}

Here, obviously, passwords are hashed, but still are available in memory.

Of course, you could also use a real PasswordEncoder like BCryptPasswordEncoder and prefix the password with the correct id:

// Create an encoder with strength 16BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(16);String result = encoder.encode("myPassword");assertTrue(encoder.matches("myPassword", result));