Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow for configuring an Authentication Converter for OAuth Resource Server opaque tokens #6963

Closed
bdemers opened this issue Jun 6, 2019 · 3 comments
Closed

Allow for configuring an Authentication Converter for OAuth Resource Server opaque tokens #6963

bdemers opened this issue Jun 6, 2019 · 3 comments
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue

Comments

@bdemers
Copy link
Contributor

bdemers commented Jun 6, 2019

Summary

The new opaque token support is great!

I'd love it if the API matched the JWT equivalent with regards to configuration an authentication converter. For example:

httpSecurity.oauth2ResourceServer().jwt().jwtAuthenticationConverter(...)

Maybe something like:

httpSecurity.oauth2ResourceServer().opaqueToken().tokenAuthenticationConverter(...)

Where the converter would take a Map<String, Object> of claims.

Basically just allowing the additional processing to convert custom claims into authorities, similar to what how OAuth2IntrospectionAuthenticationProvider works:

spring-security/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationProvider.java

Lines 129 to 135 in b1195e7

private Collection<GrantedAuthority> extractAuthorities(Map<String, Object> claims) {
Collection<String> scopes = (Collection<String>) claims.get(SCOPE);
return Optional.ofNullable(scopes).orElse(Collections.emptyList())
.stream()
.map(authority -> new SimpleGrantedAuthority("SCOPE_" + authority))
.collect(Collectors.toList());
}

Since this is possible already for JWT tokens adding something similar for opaque tokens would be great.

Thanks!
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jun 6, 2019
@rwinch
Copy link
Member

rwinch commented Jun 7, 2019

Thanks for the report @bdemers! @jzheaux will look at this soon

@jzheaux
Copy link
Contributor

jzheaux commented Jun 7, 2019

@bdemers, thanks for the report! Glad to hear you like the support.

This feature definitely appears useful, and we're looking into addressing it in #6830.

@jzheaux jzheaux added status: duplicate A duplicate of another issue in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: improvement and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 7, 2019
@jzheaux
Copy link
Contributor

jzheaux commented Jun 7, 2019

Closing in favor of #6830

@jzheaux jzheaux closed this as completed Jun 7, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bdemers @rwinch @jzheaux @spring-projects-issues