Hook to modify additionalParameters of OAuth2AccessTokenAuthenticationToken #1000

Closed
Sm0keySa1m0n opened this issue Dec 6, 2022 · 3 comments
Assignees
Labels
for: stackoverflow A question that's better suited to stackoverflow.com

Comments

@Sm0keySa1m0n

Sm0keySa1m0n commented Dec 6, 2022

It would be useful to be able to modify the additionalParameters passed into OAuth2AccessTokenAuthenticationToken. This would allow you to use information from, for example, OAuth2Authorization to generate the final access token response.

As it stands, if you want to add info from OAuth2Authorization to the access token response, you have to copy the entirety of OAuth2AuthorizationCodeAuthenticationProvider and add what you need to the additionalParameters. You can't use a custom access token response handler as you don't have access to the OAuth2Authorization in there.

@Sm0keySa1m0n Sm0keySa1m0n added the type: enhancement A general enhancement label Dec 6, 2022
@jgrandja
Collaborator

Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.

See the reference documentation for OAuth2TokenEndpointFilter as it describes how you can override the Access Token Response by supplying an AuthenticationSuccessHandler via OAuth2AuthorizationServerConfigurer.tokenEndpoint().accessTokenResponseHandler().

> You can't use a custom access token response handler as you don't have access to the OAuth2Authorization in there.

The OAuth2AccessTokenAuthenticationToken is passed to the accessTokenResponseHandler(), which contains the OAuth2AccessToken. You can then lookup the OAuth2Authorization via OAuth2AuthorizationService.findByToken(accessToken.getTokenValue(), OAuth2TokenType.ACCESS_TOKEN).
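One way to implement what jgrandja describes above, as an added example that is not part of this thread or of Spring Authorization Server itself: a custom AuthenticationSuccessHandler that rebuilds the default token response, performs the OAuth2AuthorizationService.findByToken lookup, and copies an explicit allow-list of attributes from the OAuth2Authorization into additionalParameters. The class names AuthorizationAwareAccessTokenResponseHandler and AuthorizationServerConfig, the response parameter names principal_name and authorized_scopes, and the Spring Security 6 / jakarta.servlet wiring are assumptions of this example.

```java
import java.io.IOException;
import java.time.temporal.ChronoUnit;
import java.util.LinkedHashMap;
import java.util.Map;

import jakarta.servlet.http.HttpServletRequest; // assumes Spring Security 6; use javax.servlet on 0.4.x
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/** Hypothetical handler (not part of the project): default response plus authorization-derived parameters. */
public class AuthorizationAwareAccessTokenResponseHandler implements AuthenticationSuccessHandler {

    private final OAuth2AuthorizationService authorizationService;
    private final OAuth2AccessTokenResponseHttpMessageConverter converter =
            new OAuth2AccessTokenResponseHttpMessageConverter();

    public AuthorizationAwareAccessTokenResponseHandler(OAuth2AuthorizationService authorizationService) {
        this.authorizationService = authorizationService;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException {
        OAuth2AccessTokenAuthenticationToken tokenAuth = (OAuth2AccessTokenAuthenticationToken) authentication;
        OAuth2AccessToken accessToken = tokenAuth.getAccessToken();
        OAuth2RefreshToken refreshToken = tokenAuth.getRefreshToken();

        // Keep whatever the provider already placed in additionalParameters (e.g. id_token).
        Map<String, Object> additionalParameters = new LinkedHashMap<>(tokenAuth.getAdditionalParameters());

        // The secondary lookup from the comment above: the provider has already saved the
        // authorization, so the access token value resolves back to its OAuth2Authorization.
        OAuth2Authorization authorization = this.authorizationService.findByToken(
                accessToken.getTokenValue(), OAuth2TokenType.ACCESS_TOKEN);
        if (authorization != null) {
            // Everything added here is returned to the client in clear text, so copy only an
            // explicit allow-list of non-secret attributes; never copy internal identifiers or secrets.
            additionalParameters.put("principal_name", authorization.getPrincipalName());
            additionalParameters.put("authorized_scopes", String.join(" ", authorization.getAuthorizedScopes()));
        }

        // Mirror what the default OAuth2TokenEndpointFilter response does, then write it out.
        OAuth2AccessTokenResponse.Builder builder = OAuth2AccessTokenResponse
                .withToken(accessToken.getTokenValue())
                .tokenType(accessToken.getTokenType())
                .scopes(accessToken.getScopes());
        if (accessToken.getIssuedAt() != null && accessToken.getExpiresAt() != null) {
            builder.expiresIn(ChronoUnit.SECONDS.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()));
        }
        if (refreshToken != null) {
            builder.refreshToken(refreshToken.getTokenValue());
        }
        if (!additionalParameters.isEmpty()) {
            builder.additionalParameters(additionalParameters);
        }
        this.converter.write(builder.build(), null, new ServletServerHttpResponse(response));
    }
}

/** Hypothetical wiring via tokenEndpoint().accessTokenResponseHandler(), as the comment above points out. */
@Configuration
class AuthorizationServerConfig {

    @Bean
    @Order(1)
    SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http,
            OAuth2AuthorizationService authorizationService) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                .tokenEndpoint(tokenEndpoint -> tokenEndpoint.accessTokenResponseHandler(
                        new AuthorizationAwareAccessTokenResponseHandler(authorizationService)));
        return http.build();
    }
}
```

The null check on the lookup matters when a custom AuthenticationProvider issues a token without saving the authorization first; the handler then still returns the standard response rather than failing. Because additional parameters are part of the response body the client receives, the allow-list is the trust boundary: attributes such as the stored java.security.Principal or authorization-code details should stay server-side.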

@jgrandja jgrandja self-assigned this Dec 13, 2022
@jgrandja jgrandja added for: stackoverflow A question that's better suited to stackoverflow.com and removed type: enhancement A general enhancement labels Dec 13, 2022
@Sm0keySa1m0n
Author

> The OAuth2AccessTokenAuthenticationToken is passed to the accessTokenResponseHandler(), which contains the OAuth2AccessToken. You can then lookup the OAuth2Authorization via OAuth2AuthorizationService.findByToken(accessToken.getTokenValue(), OAuth2TokenType.ACCESS_TOKEN).

Doing another lookup in the database is a workaround but isn't a very efficient solution; wouldn't it be better to add some sort of response attribute customiser that accepts the previously authenticated principal?

@jgrandja
Collaborator

@Sm0keySa1m0n I don't feel another lookup is a workaround, however, I agree a secondary call to OAuth2AuthorizationService is not ideal.

There is a related issue in gh-925. Can you please log your specific use case there and then we can consider a holistic solution to address both use cases. Thanks.
