Skip to content

Incorrect documentation for OpaqueTokenIntrospector #16903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
OrangeDog opened this issue Apr 7, 2025 · 1 comment · Fixed by #16908
Closed

Incorrect documentation for OpaqueTokenIntrospector #16903

OrangeDog opened this issue Apr 7, 2025 · 1 comment · Fixed by #16908
Assignees
@rwinch
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: bug A general bug

Comments

@OrangeDog
Copy link
Contributor

Describe the bug
https://docs.spring.io/spring-security/site/docs/6.4.2/api/org/springframework/security/oauth2/server/resource/introspection/OpaqueTokenIntrospector.html

Returning a Map is indicative that the token is valid.

Returns: the token's attributes

The method returns an OAuth2AuthenticatedPrincipal, not a Map of attributes.

Expected behavior
Documentation to match the current implementation, and ideally describe the throws contract too.
Is the method also supposed to verify the token expiration, whether the user exists, etc. or is that done later?
@OrangeDog OrangeDog added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Apr 7, 2025
@ngocnhan-tran1996 ngocnhan-tran1996 mentioned this issue Apr 8, 2025
Merged
@rwinch rwinch self-assigned this Apr 8, 2025
@rwinch rwinch added status: duplicate A duplicate of another issue in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 8, 2025
@rwinch
Copy link
Member

rwinch commented Apr 8, 2025

Thanks for the report! I'm closing this in favor of gh-16908

@rwinch rwinch closed this as completed Apr 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Polish javadoc ngocnhan-tran1996/spring-security
2 participants
@rwinch @OrangeDog