
Client JwtBearer grant type should not require a Jwt when already authorized #9879


Closed
sclorng opened this issue Jun 8, 2021 · 1 comment
Labels: in: oauth2 (an issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose); status: duplicate (a duplicate of another issue)


sclorng commented Jun 8, 2021

Expected Behavior

Being able to provide JwtAuthenticationToken only when required.

Current Behavior

In the actual requirement, it is required to push a JwtAuthenticationToken in every call. It is very costly to get such a token, more than just making the call itself.

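```java
// A JwtAuthenticationToken wrapping the Jwt (jws) is built for the call
Authentication authentication = new JwtAuthenticationToken(jws);
String body = webClient
    .get()
    // the token is passed as a request attribute together with the client registration id
    .attributes(authentication(authentication).andThen(clientRegistrationId("client-jwt-bearer")))
    .retrieve()
    .bodyToMono(String.class)
    .block();
```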

Context

We got poor performance when making calls to a very fast server API requiring a JwtBearer.

As a workaround, we redevelop the JwtBearer client provider to be able to ask for a Jwt token only when required.
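
A sketch of the behaviour requested above, as an added example that is not code from the issue or from Spring Security: the costly JWT assertion is obtained only when no unexpired access token is cached. `LazyJwtBearerTokenCache`, `AccessToken` and the supplier and exchange functions are hypothetical names, and the 60-second skew and 300-second lifetime are assumed values.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.function.Function;
import java.util.function.Supplier;

/** Added illustration; every name here is hypothetical, not Spring Security API. */
public class LazyJwtBearerTokenCache {

    /** Access token issued by the authorization server, with its expiry. */
    public record AccessToken(String value, Instant expiresAt) {}

    private final Supplier<String> assertionSupplier;          // costly: obtains the JWT assertion
    private final Function<String, AccessToken> tokenExchange; // jwt-bearer grant: assertion -> access token
    private final Duration clockSkew;                          // refresh this long before expiry
    private final Clock clock;
    private AccessToken cached;

    // Create one instance per principal and client registration so that a token
    // issued for one user's assertion is never returned to another user.
    public LazyJwtBearerTokenCache(Supplier<String> assertionSupplier,
            Function<String, AccessToken> tokenExchange, Duration clockSkew, Clock clock) {
        this.assertionSupplier = assertionSupplier;
        this.tokenExchange = tokenExchange;
        this.clockSkew = clockSkew;
        this.clock = clock;
    }

    /** Returns a usable access token; the assertion is fetched only when a new grant is needed. */
    public synchronized String accessToken() {
        Instant now = clock.instant();
        if (cached == null || !now.plus(clockSkew).isBefore(cached.expiresAt())) {
            // Only on this path is the expensive assertion obtained.
            cached = tokenExchange.apply(assertionSupplier.get());
        }
        return cached.value();
    }

    public static void main(String[] args) {
        int[] assertionCalls = {0}; // counts how often the costly supplier runs
        Clock clock = Clock.systemUTC();
        LazyJwtBearerTokenCache cache = new LazyJwtBearerTokenCache(
                () -> "constructed-assertion-" + (++assertionCalls[0]),  // constructed sample value
                a -> new AccessToken("at-for-" + a, clock.instant().plusSeconds(300)),
                Duration.ofSeconds(60), clock);
        for (int i = 0; i < 1000; i++) {
            cache.accessToken();
        }
        System.out.println("calls: 1000, assertions fetched: " + assertionCalls[0]);
    }
}
```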

jgrandja (Contributor) commented

@sclorng I re-opened gh-9812 so I'll close this as a duplicate.

jgrandja added the labels in: oauth2 and status: duplicate, and removed the labels status: waiting-for-triage and type: enhancement, on Oct 20, 2021