Skip to content

Seperate JWT Token generation #414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
GrmpfNarf opened this issue Aug 20, 2021 · 9 comments · Fixed by #628
Closed

Seperate JWT Token generation #414

GrmpfNarf opened this issue Aug 20, 2021 · 9 comments · Fixed by #628
Assignees
@jgrandja
Labels
type: enhancement A general enhancement
Milestone
0.2.3

Comments

@GrmpfNarf
Copy link

Expected Behavior
It would be nice when the JWT Token generation from OAuth2ClientCredentialsAuthenticationProvider and OAuth2AuthorizationCodeAuthenticationProvider is moved to a sperate class so I can reuse it e.g. for an custom AuthenticationProvider
Current Behavior
Currently the JWT Token generation for the Access Token is inside the authenticate method of the both classes. To use it in a custom Authenticationprovider I have to copy the logic and everything around e.g. the JwtUtil and the resolve of the JwtEncoder from OAuth2ConfigurerUtils.getJwtEncoder(builder)

Context
I'm adding a custom Grant Type by adding a converter to the tokenEndpoint which provides an custom AutenticationToken which will be resolved by the custom AuthenticationProvider.
@GrmpfNarf GrmpfNarf added the type: enhancement A general enhancement label Aug 20, 2021
@jgrandja
Copy link
Collaborator

Thanks for the report @GrmpfNarf.

Hiding the Jwt token generation in the AuthenticationProvider's was intentional. However, the plan is to introduce an interface, e.g. OAuth2TokenIssuer, which can support any type of token. We'll soon be introducing opaque token support which will trigger some re-factoring.

Rest assured, the Jwt token generation will be extracted into a re-useable component, we're just not there yet.

I'll assign this to 0.2.1 but it may get pushed to a later release.

@jgrandja jgrandja self-assigned this Aug 20, 2021
@jgrandja jgrandja added type: design-work and removed type: enhancement A general enhancement labels Aug 20, 2021
@jgrandja jgrandja added this to the 0.2.1 milestone Aug 20, 2021
@jgrandja jgrandja modified the milestones: 0.2.1, 0.2.2 Oct 25, 2021
This was referenced Nov 17, 2021
Closed
Closed
@jgrandja jgrandja mentioned this issue Dec 9, 2021
Closed
@denis111
Copy link

The same happens to me, I had to copy-paste JwtUtil besides it seems that JoseHeader needs to be public because JwtUtil returns JoseHeader.Builder if you call JwtUtils.headers() that is needed to call then JwtEncodingContext.with(headersBuilder, claimsBuilder). But I see that conflicting class JoseHeader in Spring Security 5.6 is not public! So to make any custom Provider we JoseHeader to be public or maybe the future refactoring will not require it?

@gourav
Copy link
Contributor

gourav commented Dec 31, 2021

Hi @jgrandja.
May I take this up if it is not already assigned to anyone ?

@jgrandja
Copy link
Collaborator

jgrandja commented Jan 5, 2022

Thanks for your interest @Erised. I'm going to take this on as it touches on a few different classes and requires some refactoring and deprecation of JwtEncoder in favour of JwtEncoder that is now part of Spring Security 5.6.

@gourav
Copy link
Contributor

gourav commented Jan 5, 2022

@jgrandja Sure. Not an issue. Is there any other issue that's available ?

@jgrandja
Copy link
Collaborator

jgrandja commented Jan 6, 2022

@Erised Let me get back to you next week. I'm playing catch up this week :)

@jgrandja
Copy link
Collaborator

@Erised gh-493 and gh-571 are available. Do any of these interest you?

@gourav
Copy link
Contributor

gourav commented Jan 13, 2022

Hi @jgrandja. Sure. I can work on gh-493.

@jgrandja
Copy link
Collaborator

@Erised Can you comment in gh-493, e.g. "I would like to take this one" so I can assign it to you.

@jgrandja jgrandja modified the milestones: 0.2.2, 0.2.3 Jan 20, 2022
jgrandja added a commit to jgrandja/spring-authorization-server that referenced this issue Feb 16, 2022
@jgrandja
Introduce OAuth2TokenGenerator
8cb60f0 
Closes spring-projectsgh-414
@jgrandja jgrandja mentioned this issue Feb 16, 2022
Merged
@jgrandja jgrandja added type: enhancement A general enhancement and removed type: design-work labels Feb 16, 2022
jgrandja added a commit to jgrandja/spring-authorization-server that referenced this issue Feb 17, 2022
@jgrandja
Introduce OAuth2TokenGenerator
96c1dd2 
Closes spring-projectsgh-414
jgrandja added a commit to jgrandja/spring-authorization-server that referenced this issue Feb 22, 2022
@jgrandja
Introduce OAuth2TokenGenerator
f201022 
Closes spring-projectsgh-414
jgrandja added a commit that referenced this issue Feb 22, 2022
@jgrandja
Introduce OAuth2TokenGenerator
c799261 
Closes gh-414
jgrandja added a commit that referenced this issue Mar 23, 2022
@jgrandja
Move OAuth2TokenGenerator to token package
a13df8a 
Issue gh-414
Issue gh-638
Issue gh-639
Issue gh-500
doba16 pushed a commit to doba16/spring-authorization-server that referenced this issue Apr 21, 2023
@jgrandja
Introduce OAuth2TokenGenerator
948b0e2 
Closes spring-projectsgh-414
doba16 pushed a commit to doba16/spring-authorization-server that referenced this issue Apr 21, 2023
@jgrandja
Move OAuth2TokenGenerator to token package
c59bd85 
Issue spring-projectsgh-414
Issue spring-projectsgh-638
Issue spring-projectsgh-639
Issue spring-projectsgh-500
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jgrandja jgrandja

Labels
type: enhancement A general enhancement
Projects
None yet
Milestone
0.2.3
Development

Successfully merging a pull request may close this issue.

Introduce OAuth2TokenGenerator jgrandja/spring-authorization-server
4 participants
@denis111 @jgrandja @GrmpfNarf @gourav