Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for multiple access tokens per rfc 6750 #10302

Merged
merged 1 commit into from
Sep 28, 2021
Merged

Check for multiple access tokens per rfc 6750 #10302

merged 1 commit into from
Sep 28, 2021

Conversation

DarrenForsythe
Copy link
Contributor

Check for multiple access tokens on the ServerHttpRequest rather than get get first. If multiples are found throw a OAuth2AuthenticationException.

Closes gh-5708

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 20, 2021
jzheaux
jzheaux requested changes Sep 22, 2021
View reviewed changes
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @DarrenForsythe! I've left some feedback inilne.

...ork/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java Outdated Show resolved Hide resolved
...ork/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java Outdated Show resolved Hide resolved
...ork/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java Outdated Show resolved Hide resolved
...ork/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java Show resolved Hide resolved
...ecurity/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverterTests.java Show resolved Hide resolved
@DarrenForsythe
Check for multiple access tokens per rfc 6750
8f50078 
Check for multiple access tokens on the ServerHttpRequest rather than get get first. If multiples are found throw a OAuth2AuthenticationException.

Closes spring-projectsgh-5708
@jzheaux jzheaux merged commit 5556b82 into spring-projects:main Sep 28, 2021
@jzheaux
Copy link
Contributor

jzheaux commented Sep 28, 2021

Thanks for the contribution, @DarrenForsythe!

@jzheaux jzheaux added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 28, 2021
@jzheaux jzheaux added this to the 5.6.0-RC1 milestone Sep 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jzheaux jzheaux jzheaux approved these changes

Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: enhancement A general enhancement
Projects
None yet
Milestone
5.6.0-RC1
Development

Successfully merging this pull request may close these issues.

Reactive OAuth2 Bearer Token request spec compliance
3 participants
@DarrenForsythe @jzheaux @spring-projects-issues