Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement reactive support for JWT Client Authentication #10146

Closed
jgrandja opened this issue Jul 28, 2021 · 1 comment · Fixed by #10336
Closed

Implement reactive support for JWT Client Authentication #10146

jgrandja opened this issue Jul 28, 2021 · 1 comment · Fixed by #10336
Assignees
@sjohnr
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone
5.6.0-RC1

Comments

@jgrandja
Copy link
Contributor

This ticket addresses the reactive support for gh-8175.
@jgrandja jgrandja added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Jul 28, 2021
@jgrandja jgrandja added this to the 5.6.0-M2 milestone Jul 28, 2021
@jgrandja jgrandja mentioned this issue Jul 28, 2021
Closed
@Giambapisasale
Copy link

Giambapisasale commented Jul 29, 2021
edited
Loading

My workaround:

public class WebClientReactiveClientCredentialsTokenResponseClientConverter extends WebClientReactiveClientCredentialsTokenResponseClient
{

    private Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity< ? >> requestEntityConverter = new OAuth2ClientCredentialsGrantRequestEntityConverter();

...

private BodyInserters.FormInserter<String> createTokenRequestBody(OAuth2ClientCredentialsGrantRequest grantRequest)
    {
        ClientRegistration clientRegistration = clientRegistration(grantRequest);
        if (ClientAuthenticationMethod.PRIVATE_KEY_JWT.equals(clientRegistration.getClientAuthenticationMethod()))
        {
            MultiValueMap<String, String> request = (MultiValueMap<String, String>) this.requestEntityConverter
                    .convert(grantRequest)
                    .getBody();
            return BodyInserters.fromFormData(request);
        }
        BodyInserters.FormInserter<String> body = BodyInserters
                .fromFormData(OAuth2ParameterNames.GRANT_TYPE, grantRequest.getGrantType().getValue());
        return populateTokenRequestBody(grantRequest, body);
    }

configured with:


        OAuth2ClientCredentialsGrantRequestEntityConverter requestEntityConverter = new OAuth2ClientCredentialsGrantRequestEntityConverter();
        requestEntityConverter.addParametersConverter(new NimbusJwtClientAuthenticationParametersConverter<>(jwkResolver));

        WebClientReactiveClientCredentialsTokenResponseClientConverter wcReactivePrivateKey = new WebClientReactiveClientCredentialsTokenResponseClientConverter();
        // wc.setWebClient(webClient); // questo dovrà essere compatibile con proxy e mtls
        wcReactivePrivateKey.setRequestEntityConverter(requestEntityConverter);

        ClientCredentialsReactiveOAuth2AuthorizedClientProvider prov = new ClientCredentialsReactiveOAuth2AuthorizedClientProvider();

        prov.setAccessTokenResponseClient(wcReactivePrivateKey);
        authorizedClientManager.setAuthorizedClientProvider(prov);

        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(
                authorizedClientManager);

@rwinch rwinch modified the milestones: 5.6.0-M2, 5.6.0-M3 Aug 16, 2021
@sjohnr sjohnr modified the milestones: 5.6.0-M3, 5.6.0-RC1 Sep 20, 2021
@sjohnr sjohnr mentioned this issue Sep 30, 2021
Merged
sjohnr added a commit to sjohnr/spring-security that referenced this issue Oct 6, 2021
@sjohnr
Add parameters converter support to AbstractWebClientReactiveOAuth2Ac…
f5c1a73 
…cessTokenResponseClient

This adds support for configuring NimbusJwtClientAuthenticationParametersConverter to any AbstractWebClientReactiveOAuth2AccessTokenResponseClient as an additional parameters converter, which in turns adds reactive support for jwt client authentication.

Closes spring-projectsgh-10146
sjohnr added a commit that referenced this issue Oct 6, 2021
@sjohnr
Add parameters converter support to AbstractWebClientReactiveOAuth2Ac…
3b564b2 
…cessTokenResponseClient

This adds support for configuring NimbusJwtClientAuthenticationParametersConverter to any AbstractWebClientReactiveOAuth2AccessTokenResponseClient as an additional parameters converter, which in turns adds reactive support for jwt client authentication.

Closes gh-10146
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sjohnr sjohnr

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
None yet
Milestone
5.6.0-RC1
4 participants
@rwinch @sjohnr @Giambapisasale @jgrandja