
Extract JwtDecoderFactory from JwtClientAssertionAuthenticationProvider #944


Closed
jgrandja opened this issue Oct 27, 2022 · 3 comments

@jgrandja
Collaborator

We should extract JwtClientAssertionDecoderFactory from JwtClientAssertionAuthenticationProvider into an outer class to allow for customization.

We also need to introduce JwtClientAssertionAuthenticationProvider.setJwtDecoderFactory(JwtDecoderFactory<RegisteredClient>) so an application can configure a customized JwtClientAssertionDecoderFactory, or alternatively, supply their own implementation of JwtDecoderFactory<RegisteredClient>.

@jgrandja jgrandja added the type: enhancement A general enhancement label Oct 27, 2022
@jgrandja jgrandja self-assigned this Oct 27, 2022
@jgrandja jgrandja added this to the 0.4.0-RC1 milestone Oct 27, 2022
@jgrandja
Collaborator Author

With the new JwtClientAssertionDecoderFactory, an application now has the ability to customize the Jwt claims validation.

The following configuration demonstrates how to add a custom OAuth2TokenValidator<Jwt> in addition to the default OAuth2TokenValidator<Jwt>'s:

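```java
import java.util.function.Function;

import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.server.authorization.authentication.JwtClientAssertionAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.authentication.JwtClientAssertionDecoderFactory;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;

// Customize JwtClientAssertionDecoderFactory
JwtClientAssertionDecoderFactory jwtDecoderFactory = new JwtClientAssertionDecoderFactory();
Function<RegisteredClient, OAuth2TokenValidator<Jwt>> jwtValidatorFactory = (registeredClient) -> {
	OAuth2TokenValidator<Jwt> defaultJwtValidator =
			JwtClientAssertionDecoderFactory.DEFAULT_JWT_VALIDATOR_FACTORY.apply(registeredClient);
	return new DelegatingOAuth2TokenValidator<>(
			defaultJwtValidator,	// Apply default validators
			new JwtClaimValidator<>("custom-claim", "custom-value"::equals));	// Apply custom validator
};
jwtDecoderFactory.setJwtValidatorFactory(jwtValidatorFactory);

// Configure JwtClientAssertionAuthenticationProvider
JwtClientAssertionAuthenticationProvider jwtClientAssertionAuthenticationProvider =
		new JwtClientAssertionAuthenticationProvider(registeredClientRepository, authorizationService);
jwtClientAssertionAuthenticationProvider.setJwtDecoderFactory(jwtDecoderFactory);
```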

@barneag

barneag commented Nov 26, 2022

Hey @jgrandja,
where exactly can we configure those customizations?
Do we need to add an entire new JwtClientAssertionAuthenticationProvider to the existing providers, via OAuth2ClientAuthenticationConfigurer?

@sjohnr
Contributor

sjohnr commented Dec 2, 2022

Hi @barneag! The reference documentation was updated in gh-945 (linked above). Take a look at Customizing Jwt Client Assertion Validation. I would recommend bookmarking the project page to quickly find links to the latest reference documentation.
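
The following is an added example, not part of the thread or the project's own code: it uses the setJwtValidatorFactory and setJwtDecoderFactory hooks discussed above to enforce a maximum client-assertion lifetime on top of the default validators, and customizes the already-registered provider instead of adding a new one. The class name `ClientAssertionHardening`, its method names and the 5-minute limit are assumptions; the consumer is intended for `OAuth2ClientAuthenticationConfigurer.authenticationProviders(...)`.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.List;
import java.util.function.Consumer;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.authorization.authentication.JwtClientAssertionAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.authentication.JwtClientAssertionDecoderFactory;

// Hypothetical helper class (not part of Spring Authorization Server).
public final class ClientAssertionHardening {

	// Assumed policy: a client assertion may be valid for at most 5 minutes.
	static final Duration MAX_LIFETIME = Duration.ofMinutes(5);

	// Rejects assertions lacking iat/exp, or whose exp - iat is negative or above MAX_LIFETIME.
	static OAuth2TokenValidator<Jwt> maxLifetimeValidator() {
		return (jwt) -> {
			Instant iat = jwt.getIssuedAt();
			Instant exp = jwt.getExpiresAt();
			Duration lifetime = (iat != null && exp != null) ? Duration.between(iat, exp) : null;
			if (lifetime == null || lifetime.isNegative() || lifetime.compareTo(MAX_LIFETIME) > 0) {
				return OAuth2TokenValidatorResult.failure(new OAuth2Error(OAuth2ErrorCodes.INVALID_CLIENT,
						"Client assertion lifetime is missing, negative, or exceeds policy", null));
			}
			return OAuth2TokenValidatorResult.success();
		};
	}

	// Customizes the existing JwtClientAssertionAuthenticationProvider in the provider list.
	static Consumer<List<AuthenticationProvider>> customizeJwtClientAssertion() {
		return (providers) -> providers.forEach((provider) -> {
			if (provider instanceof JwtClientAssertionAuthenticationProvider) {
				JwtClientAssertionDecoderFactory factory = new JwtClientAssertionDecoderFactory();
				factory.setJwtValidatorFactory((registeredClient) -> new DelegatingOAuth2TokenValidator<>(
						JwtClientAssertionDecoderFactory.DEFAULT_JWT_VALIDATOR_FACTORY.apply(registeredClient),
						maxLifetimeValidator()));	// Default validators first, then the lifetime check
				((JwtClientAssertionAuthenticationProvider) provider).setJwtDecoderFactory(factory);
			}
		});
	}
}
```

Keeping `DEFAULT_JWT_VALIDATOR_FACTORY` in the delegate list matters: replacing it outright would drop the default claim checks instead of adding to them.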
