Introduce ReactiveJwtAuthenticationConverter

[jzheaux]

Users often need to consult external resources in a non-blocking way to collect granted authorities in Resource Server.

This is currently possible by implementing a Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>.

On the Servlet stack, this task can be accomplished more easily by extending JwtAuthenticationConverter:

public class MyAuthenticationConverter
        extends JwtAuthenticationConverter {

    @Override
    public Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
        // ... extract
    }
}

It would be nice to have the same simplicity on the reactive side:

public class MyReactiveAuthenticationConverter 
        extends ReactiveJwtAuthenticationConverter {

    @Override
    public Flux<GrantedAuthority> extractAuthorities(Jwt jwt) {
        // ... extract in a non-blocking way
    }
}

[edeandrea]

Would you like a PR for this?

[jzheaux]

Have I told you have lucky we are to have great contributors like you, @edeandrea?

Yes, a PR would be much appreciated, thank you.

I'm actually thinking that ReactiveJwtAuthenticationConverter would be abstract, and not have a default implementation for extractAuthorities.

The reason for this is that the user already gets the default scope-extraction logic by using JwtAuthenticationConverter, which they are already getting by default. The reason they'd use ReactiveJwtAuthenticationConverter is that they want to change that behavior.

[edeandrea]

That would be fine if I wanted to completely alter the authorities, but what if I want to merge the default behavior with my own set of authorities (which is actually my use case for bringing this up in the first place). Then I'd have to re-write that default logic myself rather than just calling super.

My thought would be to refactor JwtAuthenticationConverter and extract the logic that creates the authorities into its own Converter<Jwt, Collection<GrantedAuthority>> and have JwtAuthenticationConverter use that. Then ReactiveJwtAuthenticationConverter can use it too by wrapping in a Flux.fromIterable.

I'll code it out & submit a PR so you can see. If we need to tweak from there we can.

[edeandrea]

I opened #6277 for this. We can take the discussion over there if any re-factoring is needed.