Skip to content

Add support for access token in body parameter as per rfc 6750 Sec. 2.2 #15819

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 8 commits into from
Closed

Add support for access token in body parameter as per rfc 6750 Sec. 2.2 #15819

wants to merge 8 commits into from

Conversation

jonah1und1
Copy link
Contributor

Currently, the reactive stack does not allow for authentication via parameter in body of post requests.
RFC-6750 Sec. 2.2 allows this. It is also support by mvc stack.

Related ticket: gh-15818.

@pivotal-cla
Copy link

@jonah1und1 Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 17, 2024
@sjohnr sjohnr self-assigned this Sep 19, 2024
@sjohnr sjohnr added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Sep 19, 2024
@pivotal-cla
Copy link

@jonah1und1 Thank you for signing the Contributor License Agreement!

@sjohnr sjohnr added this to the 6.5.x milestone Oct 24, 2024
sjohnr
sjohnr requested changes Oct 24, 2024
View reviewed changes
Copy link
Member

@sjohnr sjohnr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks much for the PR @jonah1und1. Apologies for the delay. I have some feedback inline. Please note that I will hold off merging until after the GA release, since we are in the RC phase of 6.4 and will need to wait to introduce new APIs (setAllowFormEncodedBodyParameter()) until 6.5.

@sjohnr sjohnr removed the status: waiting-for-triage An issue we've not yet triaged label Oct 30, 2024
@sjohnr sjohnr modified the milestones: 6.5.x, 6.5.0-RC1 Apr 4, 2025
sjohnr added a commit that referenced this pull request Apr 7, 2025
@sjohnr
Polish gh-15819
1fb3fc8 
Closes gh-15818
@sjohnr sjohnr mentioned this pull request Apr 7, 2025
Closed
@sjohnr sjohnr moved this from In Progress to Done in Spring Security Team Apr 7, 2025
@sjohnr
Copy link
Member

sjohnr commented Apr 7, 2025
edited
Loading

@jonah1und1 thanks for your patiance. As discussed in this comment, I have decided to move forward as-is with this improvement.

This PR is merged into main as 9674532 with polish commit 1fb3fc8 and will be available in the 6.5.0 release. Thanks for contributing!

@sjohnr sjohnr closed this Apr 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sjohnr sjohnr sjohnr requested changes

Assignees

@sjohnr sjohnr

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
Spring Security Team
Status: Done
Milestone
6.5.0-RC1
Development

Successfully merging this pull request may close these issues.
4 participants
@jonah1und1 @pivotal-cla @sjohnr @spring-projects-issues