Skip to content

authenticationDetailsSource of OAuth2TokenEndpointFilter should be customizable #448

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

authenticationDetailsSource of OAuth2TokenEndpointFilter should be customizable #448

wants to merge 1 commit into from

Conversation

@octopusthu
Copy link
Contributor

@octopusthu octopusthu commented Oct 3, 2021

  1. According to authenticationDetailsSource of OAuth2TokenEndpointFilter should be customizable #431 , make the authenticationDetailsSource field of OAuth2TokenEndpointFilter customizable by making it non-final and adding a setter.
  2. Add two tests to OAuth2TokenEndpointFilterTests, following the same way that authenticationConverter, authenticationSuccessHandler and authenticationFailureHandler are tested.
  3. Modify OAuth2TokenEndpointConfigurer to let authenticationDetailsSource customizable through the configurer.
  4. In OAuth2ClientCredentialsGrantTests, mock authenticationDetailsSource the same way that authenticationConverter, authenticationSuccessHandler and authenticationFailureHandler are mocked.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Oct 3, 2021
@sjohnr
Copy link
Contributor

sjohnr commented Oct 5, 2021

Hi @octopusthu, is this PR ready for review? Or are you still working on it?

@octopusthu octopusthu marked this pull request as ready for review October 6, 2021 04:00
@octopusthu
Copy link
Contributor Author

octopusthu commented Oct 6, 2021

Hi @sjohnr , yes the PR is ready for review :)

@sjohnr sjohnr self-assigned this Oct 21, 2021
sjohnr
sjohnr suggested changes Oct 21, 2021
View reviewed changes
Copy link
Contributor

@sjohnr sjohnr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @octopusthu. Please see suggestions below. When finished, please squash any new commits and edit the commit message to something like:

Customize authenticationDetailsSource of OAuth2TokenEndpointFilter

Closes gh-431

...ig/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenEndpointConfigurer.java Outdated
*/
public final class OAuth2TokenEndpointConfigurer extends AbstractOAuth2Configurer {
private RequestMatcher requestMatcher;
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
Copy link
Contributor

@sjohnr sjohnr Oct 21, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For now, I think we should leave this out of the configurer, as it doesn't seem like most applications will need to customize this. Instead, if you want to set the filter's authenticationDetailsSource, you can do so by registering an ObjectPostProcessor<OAuth2TokenEndpointFilter>.

As always, we can continue to listen to feedback and if many are looking to customize this, we can revisit adding it into the configurer.

...nnotation/web/configurers/oauth2/server/authorization/OAuth2ClientCredentialsGrantTests.java Outdated
JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
jwtCustomizer = mock(OAuth2TokenCustomizer.class);
authenticationDetailsSource=mock(AuthenticationDetailsSource.class);
Copy link
Contributor

@sjohnr sjohnr Oct 21, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given the above recommendation, I believe this could be removed from this test.

@sjohnr sjohnr added status: duplicate A duplicate of another issue type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Oct 25, 2021
@sjohnr sjohnr linked an issue Oct 25, 2021 that may be closed by this pull request
authenticationDetailsSource of OAuth2TokenEndpointFilter should be customizable #431
Closed
@octopusthu
Copy link
Contributor Author

octopusthu commented Nov 3, 2021

Thanks for the review @sjohnr ! The requested changes have been made and the commits squashed. Now the PR is ready for another review :)

sjohnr pushed a commit that referenced this pull request Nov 3, 2021
Polish gh-448
defd1f9
@sjohnr
Copy link
Contributor

sjohnr commented Nov 3, 2021

Thanks @octopusthu, this is now in main in c9954af! I added a very small polish commit.

@sjohnr sjohnr closed this Nov 3, 2021
@octopusthu octopusthu deleted the gh-431 branch November 3, 2021 06:57
@jgrandja jgrandja added this to the 0.2.1 milestone Nov 3, 2021
jgrandja added a commit that referenced this pull request Nov 3, 2021
@jgrandja
Polish test gh-448
25c4a7d
@jgrandja jgrandja mentioned this pull request Feb 22, 2022
Closed
doba16 pushed a commit to doba16/spring-authorization-server that referenced this pull request Apr 21, 2023
Polish spring-projectsgh-448
ab8c79c
doba16 pushed a commit to doba16/spring-authorization-server that referenced this pull request Apr 21, 2023
@jgrandja
Polish test spring-projectsgh-448
9b06d12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sjohnr sjohnr sjohnr approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@sjohnr sjohnr

Labels

status: duplicate A duplicate of another issue type: enhancement A general enhancement

Projects

None yet

Milestone

0.2.1

Development

Successfully merging this pull request may close these issues.

authenticationDetailsSource of OAuth2TokenEndpointFilter should be customizable

4 participants

@octopusthu @sjohnr @jgrandja @spring-projects-issues