Skip to content

Simplify chaining of OAuth2TokenValidator with JwtValidators defaults #14831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue Apr 1, 2024 · 0 comments · Fixed by #14832
Closed

Simplify chaining of OAuth2TokenValidator with JwtValidators defaults #14831

jzheaux opened this issue Apr 1, 2024 · 0 comments · Fixed by #14832
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Apr 1, 2024

It's common to compose the OAuth2TokenValidator<Jwt> defaults with additional validators. Here is an example from Spring Security:

class DefaultOidcIdTokenValidatorFactory implements Function<ClientRegistration, OAuth2TokenValidator<Jwt>> {

	@Override
	public OAuth2TokenValidator<Jwt> apply(ClientRegistration clientRegistration) {
		return new DelegatingOAuth2TokenValidator<>(new JwtTimestampValidator(),
				new OidcIdTokenValidator(clientRegistration));
	}

}

This could change to:

class DefaultOidcIdTokenValidatorFactory implements Function<ClientRegistration, OAuth2TokenValidator<Jwt>> {

	@Override
	public OAuth2TokenValidator<Jwt> apply(ClientRegistration clientRegistration) {
		return JwtValidators.createDefaultWithValidators(new OidcIdTokenValidator(clientRegistration));
	}

}

This convenience makes it simpler for applications to base their validation on the already-vetted Spring Security defaults, making applications more secure.
@jzheaux jzheaux added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement status: ideal-for-contribution An issue that we actively are looking for someone to help us with in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 1, 2024
franticticktick pushed a commit to franticticktick/spring-security that referenced this issue Apr 2, 2024
Simplification of creation of OAuth2TokenValidator with JwtValidators…
1b4d0bf 
… defaults.

Closes spring-projectsgh-14831
franticticktick pushed a commit to franticticktick/spring-security that referenced this issue Apr 2, 2024
Simplification of creation of OAuth2TokenValidator with JwtValidators…
94ad641 
… defaults.

Closes spring-projectsgh-14831
@franticticktick franticticktick mentioned this issue Apr 2, 2024
Merged
franticticktick pushed a commit to franticticktick/spring-security that referenced this issue Apr 2, 2024
Add JwtValidators append to default
27f4dcb 
Implemented simplified creation of default OAuth2TokenValidator with additional validators.

Closes spring-projectsgh-14831
jzheaux pushed a commit that referenced this issue Apr 2, 2024
@jzheaux
Add JwtValidators append to default
ff19f04 
Implemented simplified creation of default OAuth2TokenValidator with additional validators.

Closes gh-14831
jzheaux added a commit that referenced this issue Apr 2, 2024
@jzheaux
Polish JwtValidators
ee42ad2 
Closes gh-14831
@franticticktick franticticktick mentioned this issue Apr 3, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
1 participant
@jzheaux