Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enabled all *JwtDecoderBuilders to set a custom JWT validator #13423

Closed
wants to merge 2 commits into from
Closed

Enabled all *JwtDecoderBuilders to set a custom JWT validator #13423

wants to merge 2 commits into from

Conversation

ThomasKasene
Copy link
Contributor

@ThomasKasene ThomasKasene commented Jun 23, 2023
edited
Loading

This was discussed briefly as an example to make a point in #13366, but as per a suggestion there, I went ahead and added a jwtValidator(...) method to all the *JwtDecoderBuilders to enable customizing the JwtDecoder and ReactiveJwtDecoder further without having to resort to awkward temporary variables:

@Bean
ReactiveJwtDecoder jwtDecoder(/* ... */) {
    return NimbusReactiveJwtDecoder
            .withIssuerLocation(...)
            .webClient(...)
            .jwtValidator(...)
            .build();
}

as opposed to this:

@Bean
ReactiveJwtDecoder jwtDecoder(/* ... */) {
    var jwtDecoder = NimbusReactiveJwtDecoder
            .withIssuerLocation(...)
            .webClient(...)
            .build();
    jwtDecoder.setJwtValidator(...);
    return jwtDecoder;
}

Disclaimer: I recognize that I was never given a "go ahead" in #13366 to do this, so I understand if this addition is not the desired direction for the project.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jun 23, 2023
@ThomasKasene
Copy link
Contributor Author

This is not quite in line with the team's wishes as it introduces a secondary way of accomplishing the same thing as the existing setter, which might be confusing to some according to this comment.

I'll keep the branch though, and maybe submit something for Spring Security 7.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
status: waiting-for-triage An issue we've not yet triaged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ThomasKasene @spring-projects-issues