Simplify retrieving Introspection-specific attributes #6489

Closed
jzheaux opened this issue Jan 29, 2019 · 5 comments · May be fixed by jzheaux/spring-security#26
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement

Comments


jzheaux commented Jan 29, 2019

Related to #5200 and #6352 (comment)

One way to simplify would be by creating an IntrospectionClaimAccessor similar to JwtClaimAccessor.

@jzheaux jzheaux added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement labels Jan 29, 2019

qavid commented Mar 8, 2020

Hi @jzheaux, I would like to work on this issue, could you please provide more details?


jzheaux commented Mar 16, 2020

@qavid - I took a look at your commit, and I like where you seem to be headed with it. Can you clarify where you'd like additional detail?

@jzheaux jzheaux self-assigned this Mar 16, 2020

jzheaux commented Jun 16, 2020

@qavid are you still thinking about submitting a PR for this issue?


qavid commented Jun 18, 2020

@jzheaux I would really like to, but I don't have much time. I'll try this weekend and I will let you know.


qavid commented Jun 21, 2020

Hi @jzheaux, I have submitted a PR, but I have one question.
Documentation for AuthenticatedPrincipal#getName states that the returned name is never null, but according to RFC7519 (JWT) and RFC7662 (Token Introspection) the SUB claim is optional in both cases. What should be returned in case there isn't a SUB claim in the JWT or Token Introspection? The previous implementation of DefaultOAuth2AuthenticatedPrincipal would also return null in this case.

I wasn't sure if DefaultOAuth2AuthenticatedPrincipal should be removed so I have removed it in a separate commit.

jzheaux added a commit that referenced this issue Jul 10, 2020
Removed some duplication by delegating to
DefaultOAuth2AuthenticatedPrincipal

Changed order of listed interfaces to satisfy compiler issue. When
listed with OAuth2AuthenticatedPrincipal first, then
OAuth2ResourceServerBeanDefinitionParserTests would fail to import
OpaqueTokenBeanDefinitionParser. Switching
OAuth2AuthenticatedPrincipal with OAuth2IntrospectionClaimAccessor
resolved the compilation issue.

Issue gh-6489
jzheaux added a commit that referenced this issue Jul 10, 2020
jzheaux pushed a commit that referenced this issue Jul 10, 2020
In order to simplify retrieving of OAuth 2.0 Introspection specific
attributes, OAuth2IntrospectionClaimAccessor interface was introduced
and also new OAuth2AuthenticatedPrincipal implementing this new
interface (OAuth2IntrospectionAuthenticatedPrincipal).

Also DefaultOAuth2AuthenticatedPrincipal was replaced by
OAuth2IntrospectionAuthenticatedPrincipal in cases where OAuth 2.0
Introspection is performed (NimbusOpaqueTokenIntrospector,
NimbusReactiveOpaqueTokenIntrospector).

DefaultOAuth2AuthenticatedPrincipal can be still used by applications
that introspected the token without OAuth 2.0 Introspection.

OAuth2IntrospectionAuthenticatedPrincipal will also be used as a
default principal in tests where request is post-processed/mutated
by OpaqueTokenRequestPostProcessor/OpaqueTokenMutator.

Closes gh-6489
jzheaux added a commit that referenced this issue Jul 10, 2020
Removed some duplication by delegating to
DefaultOAuth2AuthenticatedPrincipal.

Issue gh-6489
jzheaux added a commit that referenced this issue Jul 10, 2020
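
The accessor idea discussed in this thread, sketched as an added example that is not part of the issue or of Spring Security's own code: typed default methods over the claims of an RFC 7662 introspection response, including the case where `sub` is absent. The names `IntrospectionClaimsDemo` and `IntrospectionClaims` and the sample response are assumptions made for illustration.

```java
import java.time.Instant;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

public class IntrospectionClaimsDemo {
    // Hypothetical stand-in for the accessor idea, not Spring Security's interface:
    // typed reads over an RFC 7662 response that is already parsed into a Map.
    interface IntrospectionClaims {
        Map<String, Object> getClaims();

        // "active" is the only REQUIRED member; anything but boolean true is inactive.
        default boolean isActive() { return Boolean.TRUE.equals(getClaims().get("active")); }

        // "sub" and "client_id" are OPTIONAL, so both accessors may return null.
        default String getSubject() { return string("sub"); }
        default String getClientId() { return string("client_id"); }

        // "scope" is one space-delimited string; absent or blank yields an empty list.
        default List<String> getScopes() {
            String scope = string("scope");
            return (scope == null || scope.isBlank())
                    ? List.of() : Arrays.asList(scope.trim().split(" +"));
        }

        // "exp" is a NumericDate (seconds since the epoch); null when absent.
        default Instant getExpiresAt() {
            Object exp = getClaims().get("exp");
            return (exp instanceof Number) ? Instant.ofEpochSecond(((Number) exp).longValue()) : null;
        }

        // Returns null instead of throwing when a claim is missing or not a string.
        private String string(String name) {
            Object value = getClaims().get(name);
            return (value instanceof String) ? (String) value : null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample response with no "sub" claim.
        Map<String, Object> response = Map.of("active", true, "scope", "read write",
                "client_id", "reporting-service", "exp", 1893456000L);
        IntrospectionClaims claims = () -> response;
        System.out.println(claims.isActive() + " " + claims.getScopes() + " " + claims.getExpiresAt());
        // Caller-side check (an assumption; the thread leaves the answer open).
        if (claims.getSubject() == null)
            System.out.println("no sub claim: the caller must choose a principal name explicitly");
    }
}
```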