Description
It's quite common for authorization servers to use the sub claim to refer to an internal user id. An example of this is Amazon Cognito. As such, it can be useful to introduce a custom claim to refer to a user id that resource servers will understand.
Configuring Resource Server to use a custom principal claim name currently looks like:
import java.util.Collection;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;

@EnableWebSecurity
public class CustomPrincipalClaimName extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authorize -> authorize
                .anyRequest().authenticated()
            )
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt
                    .jwtAuthenticationConverter(jwtAuthenticationConverter())
                )
            );
    }

    // Keeps the default scope/authority mapping but reads the principal name
    // from the custom "user_id" claim instead of the default "sub".
    Converter<Jwt, JwtAuthenticationToken> jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter authoritiesConverter =
                new JwtGrantedAuthoritiesConverter();
        return jwt -> {
            Collection<GrantedAuthority> authorities = authoritiesConverter.convert(jwt);
            String name = jwt.getClaimAsString("user_id");
            return new JwtAuthenticationToken(jwt, authorities, name);
        };
    }
}
By introducing something like setPrincipalClaimName, it could become:
// .. configure method as before
JwtAuthenticationConverter jwtAuthenticationConverter() {
JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
converter.setPrincipalClaimName("user_id");
return converter;
}
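One caveat a resource server picks up when it switches the principal to a custom claim: unlike sub, a claim such as user_id is not guaranteed to be present, and neither of the snippets above fails closed when it is absent (the principal simply becomes null). The following added example is not part of this issue or of Spring Security itself; it assumes a hypothetical JWK Set URI, issuer and claim name, and shows one way to keep the default validation (signature, exp/nbf, issuer) while rejecting any token that lacks the claim the converter will rely on, so a missing claim yields a 401 rather than an authenticated request with no usable principal.

```java
import java.util.Collection;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;

@Configuration
@EnableWebSecurity
public class RequiredPrincipalClaimConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical values for illustration; a real deployment reads these from properties.
    private static final String JWK_SET_URI = "https://issuer.example.com/.well-known/jwks.json";
    private static final String ISSUER = "https://issuer.example.com";
    private static final String PRINCIPAL_CLAIM = "user_id";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authorize -> authorize
                .anyRequest().authenticated()
            )
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt
                    .decoder(jwtDecoder())
                    .jwtAuthenticationConverter(jwtAuthenticationConverter())
                )
            );
    }

    // Decoder that keeps Spring Security's default JWT checks (signature, timestamps,
    // issuer) and additionally requires the claim the converter uses as the principal.
    JwtDecoder jwtDecoder() {
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).build();
        OAuth2TokenValidator<Jwt> defaults = JwtValidators.createDefaultWithIssuer(ISSUER);
        decoder.setJwtValidator(
                new DelegatingOAuth2TokenValidator<>(defaults, requiredClaim(PRINCIPAL_CLAIM)));
        return decoder;
    }

    // Rejects tokens whose named claim is missing or empty, so the token is treated as
    // invalid instead of producing an authenticated request with a null principal.
    static OAuth2TokenValidator<Jwt> requiredClaim(String claim) {
        return jwt -> {
            String value = jwt.getClaimAsString(claim);
            if (value == null || value.isEmpty()) {
                return OAuth2TokenValidatorResult.failure(new OAuth2Error(
                        OAuth2ErrorCodes.INVALID_TOKEN, "missing required claim: " + claim, null));
            }
            return OAuth2TokenValidatorResult.success();
        };
    }

    // Same shape as the converter in the issue; by the time it runs, the validator above
    // has already guaranteed that the claim is present.
    Converter<Jwt, AbstractAuthenticationToken> jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter authoritiesConverter = new JwtGrantedAuthoritiesConverter();
        return jwt -> {
            Collection<GrantedAuthority> authorities = authoritiesConverter.convert(jwt);
            String name = jwt.getClaimAsString(PRINCIPAL_CLAIM);
            return new JwtAuthenticationToken(jwt, authorities, name);
        };
    }
}
```

The validator runs inside the decoder, before any converter is applied, so it applies equally to the hand-written converter and to a setPrincipalClaimName-style setting; the converter's job stays purely cosmetic (which claim becomes getName()), and the decision about whether the token is acceptable at all stays in validation where it belongs.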