Adapt OpaqueTokenIntrospector auto-configuration so that Nimbus is no longer required #29572

lukaskusterbi
Contributor

Since Spring Security implemented their own SpringOpaqueTokenIntrospector (see spring-projects/spring-security#9354), Spring Boot should configure that by default instead of relying on the com.nimbusds:oauth2-oidc-sdk dependency.

This PR replaces the NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector in the default configuration, allowing applications to remove the com.nimbusds:oauth2-oidc-sdk dependency.

this replaces NimbusOpaqueTokenIntrospector as default OpaqueTokenInspector,
allowing applications to remove the com.nimbusds:oauth2-oidc-sdk dependency
@pivotal-cla

@lukaskusterbi Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@spring-projects-issues added the "status: waiting-for-triage" label (An issue we've not yet triaged) on Jan 26, 2022
@lukaskusterbi
Contributor Author

@pivotal-cla This is an Obvious Fix

@pivotal-cla

@lukaskusterbi This Pull Request contains an obvious fix. Signing the Contributor License Agreement is not necessary.

@snicoll
Member

snicoll commented Jan 26, 2022

@lukaskusterbi unfortunately I don't think that qualifies as an obvious fix. I don't know what we're going to do with this PR but you'll need to sign the CLA if we decide to merge it.

@lukaskusterbi
Contributor Author

OK, thanks for the heads-up. I'll need to check with Legal since it's not on our list of approved CLAs.

@snicoll added the "status: on-hold" label (We can't start working on this issue yet) on Jan 26, 2022
@pivotal-cla

@lukaskusterbi Thank you for signing the Contributor License Agreement!

@snicoll removed the "status: on-hold" label (We can't start working on this issue yet) on Jan 28, 2022
@snicoll changed the title from "configure SpringOpaqueTokenIntrospector" to "Adapt NimbusOpaqueTokenIntrospector so that Nimbus is no longer required" on Jan 31, 2022
@snicoll changed the title from "Adapt NimbusOpaqueTokenIntrospector so that Nimbus is no longer required" to "Adapt OpaqueTokenIntrospector auto-configuration so that Nimbus is no longer required" on Jan 31, 2022
@mbhave
Contributor

mbhave commented Feb 1, 2022

@jzheaux Is this what the Spring Security team recommends for Spring Boot auto-configuration?

@mbhave added the "status: waiting-for-internal-feedback" label (An issue that needs input from a member or another Spring Team) on Feb 1, 2022
@jzheaux
Contributor

jzheaux commented Feb 1, 2022

Yes, @mbhave, SpringOpaqueTokenIntrospector is best given that it removes the dependency on oauth2-oidc-sdk. I think it would be good to do the same thing with SpringReactiveOpaqueTokenIntrospector.

@mbhave added the "type: enhancement" label (A general enhancement) and removed the "status: waiting-for-triage" (An issue we've not yet triaged) and "status: waiting-for-internal-feedback" (An issue that needs input from a member or another Spring Team) labels on Feb 1, 2022
@mbhave added this to the 2.7.x milestone on Feb 1, 2022
@lukaskusterbi
Contributor Author

Shall I adapt the configuration for SpringReactiveOpaqueTokenIntrospector as well? Or should that be done in a separate PR?

@snicoll
Member

snicoll commented Feb 4, 2022

@lukaskusterbi if you have time, please go ahead! You can update this PR by pushing more to the configure_springopaquetokenintrospector branch.

this replaces NimbusReactiveOpaqueTokenIntrospector as default ReactiveOpaqueTokenInspector,
allowing applications to remove the com.nimbusds:oauth2-oidc-sdk dependency
@wilkinsona
Member

Thanks very much for making your first contribution to Spring Boot, @lukaskusterbi.

@wilkinsona modified the milestones: 2.7.x, 2.7.0-M2 on Feb 10, 2022