Skip to content

Client JwtBearer grant type should not require a Jwt when already authorized #9879

New issue
New issue
Closed
Closed
Client JwtBearer grant type should not require a Jwt when already authorized#9879
Assignees
jgrandja
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: duplicateA duplicate of another issue
@sclorng

Description

@sclorng
sclorng
opened on Jun 8, 2021

Expected Behavior

Being able to provide JwtAuthenticationToken only when required.

Current Behavior

In the actual requirement, it is required to push a JwtAuthenticationToken in every call. It is very costly to get such a token. More than just making the call itself.

Authentication authentication = new JwtAuthenticationToken(jws);
String body = webClient
    .get()
    .attributes(authentication(authentication).andThen(clientRegistrationId("client-jwt-bearer")))
    .retrieve()
    .bodyToMono(String.class)
    .block();

Context

we got poor performance when making call to very fast server api requiring a JwtBearer.

As a workaround, we redevelop the JwtBearer client provider to be able to ask for a Jwt token only when required.

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: duplicateA duplicate of another issue

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions