[BUG] OAuth2 config-> JwtDecoder / NimbusJwtDecoder still uses RestTemplate() instead RestTemplateBuilder #31233

Closed
damir78 opened this issue Sep 30, 2022 · 4 comments · Fixed by #31521
Labels
azure-spring All azure-spring related issues azure-spring-aad Spring active directory related issues. bug This issue requires a change to an existing behavior in the product in order to be resolved. Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization.

Comments

@damir78

damir78 commented Sep 30, 2022

Important: related issues: Connecting to Azure-AD via proxy #26493 #30456

Short story:

Add JwtDecoderFactory into AadOAuth2ClientConfiguration or AadWebSecurityConfigurerAdapter with the jwtDecoder that uses RestTemplateBuilder.

```java
/**
 * Creates jwt decoder factory.
 *
 * @param jwtDecoder The jwt decoder returned for every client registration.
 * @return The factory.
 */
@Bean
@ConditionalOnMissingBean
public JwtDecoderFactory<ClientRegistration> createJwtDecoderFactory(JwtDecoder jwtDecoder) {
  return (ClientRegistration context) -> jwtDecoder;
}
```

Long story:

The created AuthenticationProvider (oauth2Login()) by AadWebSecurityConfigurerAdapter#configure(HttpSecurity http) uses the default JwtDecoder / NimbusJwtDecoder created by OAuth2LoginConfigurer<HttpSecurity> oauth2Login().
This configurer tries to find a bean of JwtDecoderFactory.


If no JwtDecoderFactory is found, then OidcAuthorizationCodeAuthenticationProvider creates a new JwtDecoderFactory that uses the default RestTemplate():


After calling NimbusJwtDecoder buildDecoder() with default RestTemplate():

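Added example, not code from the issue or from the Azure SDK: a JwtDecoderFactory bean that builds each registration's NimbusJwtDecoder on a RestTemplate from the injected RestTemplateBuilder, so JWK set requests pick up the application's customizations, such as the proxy settings from the related issues. It goes beyond the snippet above by building one decoder per ClientRegistration and re-attaching the timestamp and OIDC ID token validators, because a custom factory replaces the default one that normally sets them. The class and bean names are hypothetical, and the Spring Boot 2.x/3.x package of RestTemplateBuilder is assumed.

```java
// Added example; ProxyAwareIdTokenDecoderConfig and idTokenDecoderFactory are hypothetical names.
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory;
import org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.converter.ClaimTypeConverter;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoderFactory;
import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.web.client.RestTemplate;

@Configuration
public class ProxyAwareIdTokenDecoderConfig {

    @Bean
    @ConditionalOnMissingBean
    public JwtDecoderFactory<ClientRegistration> idTokenDecoderFactory(RestTemplateBuilder builder) {
        // Built from the shared builder, so RestTemplateCustomizer beans (proxy, timeouts) apply.
        RestTemplate restTemplate = builder.build();
        // One decoder per registration: the ID token validator is bound to that registration.
        Map<String, JwtDecoder> cache = new ConcurrentHashMap<>();
        return registration -> cache.computeIfAbsent(registration.getRegistrationId(), id -> {
            String jwkSetUri = registration.getProviderDetails().getJwkSetUri();
            if (jwkSetUri == null || jwkSetUri.isEmpty()) {
                // Fail closed rather than return a decoder that cannot verify signatures.
                throw new IllegalStateException("No jwk-set-uri configured for registration " + id);
            }
            NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri)
                    .restOperations(restTemplate) // replaces the default new RestTemplate()
                    .build();
            // Same checks the default OidcIdTokenDecoderFactory installs: expiry plus issuer/audience.
            decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                    new JwtTimestampValidator(), new OidcIdTokenValidator(registration)));
            decoder.setClaimSetConverter(new ClaimTypeConverter(
                    OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
            return decoder;
        });
    }
}
```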

@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Sep 30, 2022
@damir78 damir78 changed the title [BUG] 4.4.0, 4.5.0-beta.2 OAuth2 config-> JwtDecoder / NimbusJwtDecoder still uses RestTemplate() instead RestTemplaeBuilder [BUG] 4.4.0, 4.5.0-beta.2 OAuth2 config-> JwtDecoder / NimbusJwtDecoder still uses RestTemplate() instead RestTemplateBuilder Sep 30, 2022
@joshfree joshfree added Client This issue points to a problem in the data-plane of the library. azure-spring All azure-spring related issues labels Oct 3, 2022
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Oct 3, 2022
@joshfree joshfree added bug This issue requires a change to an existing behavior in the product in order to be resolved. and removed question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Oct 3, 2022
@ghost ghost added the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Oct 3, 2022
@joshfree
Member

joshfree commented Oct 3, 2022

@chenrujun could you please follow up?

@chenrujun chenrujun moved this to Todo in Spring Cloud Azure Oct 8, 2022
@chenrujun chenrujun added this to the 2022-11 milestone Oct 8, 2022
@chenrujun

Hi, @damir78, thanks for reaching out. I'll investigate this issue ASAP.

@chenrujun chenrujun changed the title [BUG] 4.4.0, 4.5.0-beta.2 OAuth2 config-> JwtDecoder / NimbusJwtDecoder still uses RestTemplate() instead RestTemplateBuilder [BUG] OAuth2 config-> JwtDecoder / NimbusJwtDecoder still uses RestTemplate() instead RestTemplateBuilder Oct 9, 2022
@chenrujun chenrujun moved this from Todo to In Progress in Spring Cloud Azure Oct 9, 2022
@chenrujun

Closing in favor of #31347

Repository owner moved this from In Progress to Done in Spring Cloud Azure Oct 9, 2022
@chenrujun chenrujun added azure-spring-aad Spring active directory related issues. and removed needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team labels Oct 14, 2022
@chenrujun

Reopening this issue because the current plan is to fix it with a standalone PR.

@chenrujun chenrujun reopened this Oct 17, 2022
Repository owner moved this from Done to In Progress in Spring Cloud Azure Oct 17, 2022
chenrujun pushed a commit to chenrujun/azure-sdk-for-java that referenced this issue Oct 17, 2022
@chenrujun chenrujun moved this from In Progress to Pending Review in Spring Cloud Azure Oct 17, 2022
Repository owner moved this from Pending Review to Done in Spring Cloud Azure Oct 19, 2022
chenrujun pushed a commit to chenrujun/azure-sdk-for-java that referenced this issue Oct 21, 2022
chenrujun pushed a commit to chenrujun/azure-sdk-for-java that referenced this issue Oct 24, 2022
moarychan pushed a commit that referenced this issue Oct 25, 2022
…31684)

* Fix #31190. Put a value into Collections.emptyMap()
* Fix #31191. duplicated "scope" parameter.
* Fix 31218 rest template is not well configured when jwk resolver is null
* Fix #31482 rest template used to get access token should only contain 2 converters.
* Fix #31233: NimbusJwtDecoder still uses RestTemplate() instead RestTemplateBuilder
* Fix #31593: Proxy setting not work in Azure AD B2C web application
@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023