Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide Token Relay capability #5201

Closed
jgrandja opened this issue Apr 3, 2018 · 4 comments
Closed

Provide Token Relay capability #5201

jgrandja opened this issue Apr 3, 2018 · 4 comments
Assignees
@jgrandja
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)

Comments

@jgrandja
Copy link
Contributor

jgrandja commented Apr 3, 2018
edited
Loading

Spring Cloud Security provides the capability to relay OAuth 2.0 access tokens from the Edge Service (Zuul proxy) to downstream Resource Server(s).

We should implement the same feature as Token Relay is a common pattern required by an Edge (Proxy) Service.
@jgrandja jgrandja added New Feature in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Apr 3, 2018
@jgrandja jgrandja added this to the 5.1.0.M2 milestone Apr 3, 2018
@jgrandja
Copy link
Contributor Author

jgrandja commented Apr 3, 2018
edited
Loading

Related #4921

@jgrandja jgrandja changed the title Provide Stereotype annotation @OAuth2TokenRelayClient Provide Token Relay capability Jun 11, 2018
@jgrandja jgrandja modified the milestones: 5.1.0.M2, 5.1.0.RC1 Jul 24, 2018
@rwinch rwinch added type: enhancement A general enhancement and removed New Feature labels May 3, 2019
@alwaysastudent
Copy link

alwaysastudent commented May 28, 2019
edited
Loading

Is this coming ? At minimum we should be able to

  • Token relay using RestTemplate (+ Hystrix)
  • Token relay while using FeignClient (+ Hystrix)

@jgrandja
Copy link
Contributor Author

jgrandja commented May 31, 2019
edited
Loading

@alwaysastudent This won't make it into the 5.2 release. Also, we don't have plans on directly supporting RestTemplate and we haven't had discussions on providing support for FeignClient either. The current support is with WebClient.

You can easily implement Token Relay using any HTTP client of your choosing. All you need is the Jwt, which you can easily resolve JwtAuthenticationToken in a @Controller handler method and than obtain the Jwt using jwtAuthentication. getToken(). At this point you have the Jwt and can relay jwt.getTokenValue() to a downstream call.

Here's a Token Relay example using WebClient.

@jgrandja
Copy link
Contributor Author

This is resolved via #7284 with the new ServerBearerExchangeFilterFunction in 5.2.0.

@jgrandja jgrandja removed the type: enhancement A general enhancement label Nov 19, 2019
@jgrandja jgrandja self-assigned this Nov 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jgrandja jgrandja

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rwinch @alwaysastudent @jgrandja