Provide JDBC implementation of RegisteredClientRepository #265


Closed
rlewczuk opened this issue Mar 23, 2021 · 7 comments

@rlewczuk
Contributor

rlewczuk commented Mar 23, 2021

This would be useful in real-world workloads where clients are registered and maintained at runtime, without restarting the server.

In fact, I've implemented it as I'm evaluating the new Spring Authorization Server in my (not-yet-production) projects. It follows the userdetails.jdbc.JdbcDaoImpl implementation and only uses Spring JdbcTemplate.

If there are no objections, I would be happy to submit a pull request when the right time comes.

Current implementation: https://github.com/rlewczuk/spring-authorization-server/tree/gh-265-jdbc-client-repository

Related gh-57 gh-245

@rlewczuk rlewczuk added the type: enhancement A general enhancement label Mar 23, 2021
@jgrandja jgrandja added the status: on-hold We can't start working on this issue yet label Mar 26, 2021
@jgrandja jgrandja added this to the 0.1.2 milestone Mar 26, 2021
@jgrandja
Collaborator

Thanks @rlewczuk. I've scheduled this for 0.1.2 so we can implement alongside gh-245.

Please see the comment in gh-245 related to JdbcOAuth2AuthorizedClientService.

Feel free to submit the PR after we get 0.1.1 out.
Thanks!

@metacubed

@rlewczuk, what are your thoughts on using the ARRAY database type for the scopes and authorities columns? It makes it easier to query/filter scopes during token generation.

@rlewczuk
Contributor Author

@metacubed The ARRAY database type is not portable; for example, MySQL does not support it.

But the representation of collection attributes of RegisteredClient (scopes, grant types, authentication methods) is a valid question. I also considered a normalized representation (additional tables) and JSON-formatted fields. Ultimately I decided to keep the design (queries, JSON parsing) as simple as possible and provide an extension point for users to customize if necessary. You can use setRegisteredClientRowMapper() to provide your own mapper that will fit your solution (alongside the setClientsByIdQuery() method).
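
An added example, not code from the branch or from anyone in this thread, showing the two portable alternatives to an ARRAY column weighed in this exchange and how scope filtering behaves with each. The table name oauth2_registered_client is the one proposed later in this thread; every column name, the child table and the sample rows are assumptions constructed for illustration.

```sql
-- Option A: one delimited text column (simple to map, portable).
-- Column names are assumptions, not the branch's actual schema.
CREATE TABLE oauth2_registered_client (
    id        VARCHAR(100)  NOT NULL PRIMARY KEY,
    client_id VARCHAR(100)  NOT NULL UNIQUE,
    scopes    VARCHAR(1000) NOT NULL  -- comma-delimited scope names
);

-- Option B: normalized child table (hypothetical name), also portable.
CREATE TABLE oauth2_registered_client_scope (
    registered_client_id VARCHAR(100) NOT NULL,
    scope_value          VARCHAR(200) NOT NULL,
    PRIMARY KEY (registered_client_id, scope_value),
    FOREIGN KEY (registered_client_id)
        REFERENCES oauth2_registered_client (id)
);

-- Constructed sample rows: two clients whose scope names share a prefix.
INSERT INTO oauth2_registered_client (id, client_id, scopes) VALUES
    ('1', 'messaging-client', 'openid,message.read'),
    ('2', 'reporting-client', 'message.readonly');
INSERT INTO oauth2_registered_client_scope (registered_client_id, scope_value) VALUES
    ('1', 'openid'),
    ('1', 'message.read'),
    ('2', 'message.readonly');

-- Option A, naive filter: a substring match on 'message.read' also
-- matches the stored value 'message.readonly', so a client can be
-- treated as holding a scope it was never registered with.
SELECT client_id FROM oauth2_registered_client
WHERE scopes LIKE '%message.read%';

-- Option A, delimiter-anchored filter: wrap both sides in the delimiter
-- so only whole scope names match. '_' and '%' in a scope name are LIKE
-- wildcards and would need escaping. (Three-argument CONCAT works on
-- MySQL and PostgreSQL; Oracle needs the || operator instead.)
SELECT client_id FROM oauth2_registered_client
WHERE CONCAT(',', scopes, ',') LIKE '%,message.read,%';

-- Option B: exact equality on an indexed column, no pattern matching.
SELECT c.client_id
FROM oauth2_registered_client c
JOIN oauth2_registered_client_scope s
  ON s.registered_client_id = c.id
WHERE s.scope_value = 'message.read';
```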

@StevenRogers302

@rlewczuk
Why did you add two more AuthorizationGrantType and ClientAuthenticationMethod types? Where can I get more information?

About:

public static final AuthorizationGrantType JWT_BEARER = new AuthorizationGrantType("urn:ietf:params:oauth:grant-type:jwt-bearer");

public static final AuthorizationGrantType SAML2_BEARER = new AuthorizationGrantType("urn:ietf:params:oauth:grant-type:saml2-bearer");

@xzxiaoshan

Current implementation: https://github.com/rlewczuk/spring-authorization-server/tree/gh-265-jdbc-client-repository


@rlewczuk

Refer to the previous official table definition rule:
spring-security-oauth2-client-5.4.5.jar/org.springframework.security.oauth2.client/oauth2-client-schema.sql

It indicates that oauth2_ is the best choice for the prefix, and intuitive semantics are recommended for field names, so the following suggestions are made:

It is recommended to modify the table name and columns as follows:

  1. Change the table name clients to oauth2_registered_client
  2. Modify column atoken_ttl to access_token_ttl
  3. Modify column rtoken_ttl to refresh_token_ttl
  4. Modify column rtoken_reuse to refresh_token_reuse

@rlewczuk
Contributor Author

@xzxiaoshan Database object names have been fixed. Thank you for the review.

@rlewczuk
Contributor Author

@zhangzp-handsome those new constants refer to the Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants as described in RFC 7521, 7522, 7523. I've added the constants in a separate commit rlewczuk@356d206. Adding this commit to the jdbc-client-repository branch allowed me to support those constants in JdbcRegisteredClientRepository, so I don't need to return to this issue later on. However, including it in this particular change is a topic for discussion. As those constants are used across a few branches (changes) I'm working on, it probably makes sense to submit them as a separate PR.

rlewczuk added a commit to rlewczuk/spring-authorization-server that referenced this issue May 9, 2021
rlewczuk added a commit to rlewczuk/spring-authorization-server that referenced this issue May 10, 2021
rlewczuk added a commit to rlewczuk/spring-authorization-server that referenced this issue May 12, 2021
rlewczuk added a commit to rlewczuk/spring-authorization-server that referenced this issue May 12, 2021
rlewczuk added a commit to rlewczuk/spring-authorization-server that referenced this issue May 12, 2021
@jgrandja jgrandja removed the status: on-hold We can't start working on this issue yet label May 20, 2021
@sjohnr sjohnr closed this as completed in 769cf8f Jun 22, 2021
doba16 pushed a commit to doba16/spring-authorization-server that referenced this issue Apr 21, 2023

5 participants