This repository was archived by the owner on May 31, 2022. It is now read-only.

Additional information stored on the JwtToken are ignored when OAuth2Authentication is extracted #716

@nucatus

If the JwtToken is loaded with additional information on the Authorization Server, that information will not make its way into the extracted OAuth2Authentication on the resource server side, although that information is available in the decoded token and in the Map that is passed to DefaultAccessTokenConverter.extractAuthentication(Map).

When the extract operation is completed, the details field of the OAuth2Authentication is left empty. This field, in my opinion, would be the best candidate for storing such information.

    /**
     * Stores additional details about the authentication request. These might be an IP
     * address, certificate serial number etc.
     *
     * @return additional details about the authentication request, or <code>null</code>
     * if not used
     */
    Object getDetails();

The workaround would be to decode the raw token value that is stored on the OAuth2Authentication each time that extra information is needed. But this seems to be an extra step that can be avoided.

Is this the intended behavior? Thanks.
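
One way to carry the extra claims into the details field, as an added example that is not part of the original issue or of the spring-security-oauth code base: a subclass of DefaultAccessTokenConverter that copies the non-standard claims into a read-only map. The class name and the list of standard claim names are assumptions made for this sketch.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;

// Hypothetical class name; added example, not the project's own code.
public class DetailsPreservingAccessTokenConverter extends DefaultAccessTokenConverter {

    // Claims the default converter already maps onto the OAuth2Authentication
    // (assumed list; adjust it to the claims your Authorization Server emits).
    private static final Set<String> STANDARD_CLAIMS = new HashSet<>(Arrays.asList(
            "exp", "jti", "ati", "aud", "scope", "client_id",
            "grant_type", "authorities", "user_name"));

    @Override
    public OAuth2Authentication extractAuthentication(Map<String, ?> claims) {
        // Let the default implementation build the request and user authentication.
        OAuth2Authentication authentication = super.extractAuthentication(claims);

        // Copy only the additional information, so downstream code cannot
        // confuse it with (or overwrite) the fields used for authorization.
        Map<String, Object> additional = new LinkedHashMap<>();
        for (Map.Entry<String, ?> entry : claims.entrySet()) {
            if (!STANDARD_CLAIMS.contains(entry.getKey())) {
                additional.put(entry.getKey(), entry.getValue());
            }
        }

        // Read-only view: consumers of getDetails() must not mutate token claims.
        authentication.setDetails(Collections.unmodifiableMap(additional));
        return authentication;
    }
}

// Wiring on the resource server (jwtAccessTokenConverter is the existing
// JwtAccessTokenConverter bean):
//   jwtAccessTokenConverter.setAccessTokenConverter(
//           new DetailsPreservingAccessTokenConverter());
```

When the request passes through OAuth2AuthenticationProcessingFilter, the details object on the final authentication is an OAuth2AuthenticationDetails, and the map set here is then read through its getDecodedDetails() method.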
