
Implement reactive support for JWT as an Authorization Grant #10147

Closed
jgrandja opened this issue Jul 28, 2021 · 2 comments · Fixed by #10327
Labels: in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose), type: enhancement (A general enhancement)

Comments

@jgrandja (Contributor)

This ticket addresses the reactive support for gh-6053.

@jgrandja jgrandja added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Jul 28, 2021
@jgrandja jgrandja added this to the 5.6.0-M2 milestone Jul 28, 2021
@rwinch rwinch modified the milestones: 5.6.0-M2, 5.6.0-M3 Aug 16, 2021
@sjohnr sjohnr modified the milestones: 5.6.0-M3, 5.6.0-RC1 Sep 20, 2021
sjohnr added a commit to sjohnr/spring-security that referenced this issue Oct 5, 2021
@jonathannaguin

@sjohnr a question about this implementation:

In PasswordReactiveOAuth2AuthorizedClientProvider.java, the username and password are retrieved from the context as attributes. Why is the JWT token treated differently?

@sjohnr (Member) commented Oct 7, 2021

Hi @jonathannaguin, that's a good question.

In this case, the goal was to align the reactive implementation with JwtBearerOAuth2AuthorizedClientProvider, which uses the authentication principal. All I can say for certain is that the password grant implementations do require context attributes to capture the credentials from request parameters (see docs) whereas other implementations (intentionally) do not. This most likely has to do with the need to access the request, which would not be available to a (Reactive)OAuth2AuthorizedClientProvider.
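As an added illustration (not code from the issue or from Spring Security itself) of the distinction in the answer above: the jwt-bearer request needs only the authenticated principal, while the password request has to carry the credentials as context attributes. The wrapper class, the registration ids and the repository beans are assumptions; the provider, builder and manager names are the Spring Security 5.6 API.

```java
// Added illustration (not code from the issue or from Spring Security): how the two
// providers discussed above obtain credentials. Wiring and registration ids are assumed.
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.*;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import reactor.core.publisher.Mono;

public class GrantCredentialSources {

    private final ReactiveOAuth2AuthorizedClientManager manager;

    public GrantCredentialSources(ReactiveClientRegistrationRepository registrations,
                                  ServerOAuth2AuthorizedClientRepository authorizedClients) {
        DefaultReactiveOAuth2AuthorizedClientManager m =
                new DefaultReactiveOAuth2AuthorizedClientManager(registrations, authorizedClients);
        m.setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
                .password()
                .provider(new JwtBearerReactiveOAuth2AuthorizedClientProvider())
                .build());
        this.manager = m;
    }

    // jwt-bearer: the assertion is the JWT already carried by the authenticated principal,
    // so nothing is read from the request. With any other principal type the provider
    // has no assertion to send and returns an empty Mono instead of guessing one.
    public Mono<OAuth2AuthorizedClient> jwtBearer(JwtAuthenticationToken principal) {
        OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest
                .withClientRegistrationId("jwt-bearer-client") // assumed registration id
                .principal(principal)
                .build();
        return manager.authorize(request);
    }

    // password: the resource owner's credentials cannot be derived from the principal,
    // so they travel as context attributes; a ContextAttributesMapper usually fills them
    // from request parameters, which is why that grant needs access to the request.
    public Mono<OAuth2AuthorizedClient> password(Authentication principal,
                                                String username, String password) {
        OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest
                .withClientRegistrationId("password-client") // assumed registration id
                .principal(principal)
                .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username)
                .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password)
                .build();
        return manager.authorize(request);
    }
}
```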
