Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encode clientId and clientSecret for OpaqueTokenIntrospector and ReactiveOpaqueTokenIntrospector #16008

Merged
merged 1 commit into from
Jan 16, 2025
Merged

Encode clientId and clientSecret for OpaqueTokenIntrospector and ReactiveOpaqueTokenIntrospector #16008

merged 1 commit into from
Jan 16, 2025

Conversation

ngocnhan-tran1996
Copy link
Contributor

Closes gh-15988

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Oct 29, 2024
@jzheaux jzheaux added this to the 6.5.x milestone Nov 7, 2024
@jzheaux jzheaux added status: blocked An issue that's blocked on an external project change type: bug A general bug in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Nov 7, 2024
jzheaux
jzheaux requested changes Dec 19, 2024
View reviewed changes
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ngocnhan-tran1996 thanks for your patience while we got ready for 6.5 development. I've left my feedback inline.

...ngframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java Outdated Show resolved Hide resolved
...ngframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospector.java Outdated Show resolved Hide resolved
@jzheaux jzheaux modified the milestones: 6.5.x, 6.5.0-M1 Dec 19, 2024
@ngocnhan-tran1996 ngocnhan-tran1996 force-pushed the encode-client-before-calling-basic-auth branch 3 times, most recently from 9a239bc to c1f2f7d Compare December 19, 2024 18:21
jzheaux
jzheaux requested changes Dec 19, 2024
View reviewed changes
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @ngocnhan-tran1996! I've sent you some of my feedback, mostly about Security's code conventions. Also, if you are able, please also update the documentation to use the builder instead of the now-deprecated constructor.

...ngframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospector.java Outdated Show resolved Hide resolved
...ngframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospector.java Outdated Show resolved Hide resolved
...ngframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospector.java Outdated Show resolved Hide resolved
...ngframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospector.java Outdated Show resolved Hide resolved
...ngframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospector.java Outdated Show resolved Hide resolved
...ngframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospector.java Outdated Show resolved Hide resolved
@ngocnhan-tran1996 ngocnhan-tran1996 force-pushed the encode-client-before-calling-basic-auth branch from b55d6be to 116b041 Compare December 21, 2024 13:21
jzheaux
jzheaux requested changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update, @ngocnhan-tran1996, and for your patience as I came back around to this PR. I've left some additional feedback inline.

Also, are you able to update the documentation here and here to use the new builder instead of the now-deprecated constructor?

...ngframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospector.java Show resolved Hide resolved
...ngframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospector.java Outdated Show resolved Hide resolved
...ngframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospector.java Outdated Show resolved Hide resolved
...ecurity/oauth2/server/resource/introspection/SpringReactiveOpaqueTokenIntrospectorTests.java Outdated Show resolved Hide resolved
@ngocnhan-tran1996 ngocnhan-tran1996 force-pushed the encode-client-before-calling-basic-auth branch 2 times, most recently from bda3381 to 14e71ef Compare January 14, 2025 21:07
@ngocnhan-tran1996 @jzheaux
Encode Introspection clientId and clientSecret
cfa1dda 
Closes spring-projectsgh-15988

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
@jzheaux jzheaux force-pushed the encode-client-before-calling-basic-auth branch from 3a1bc56 to cfa1dda Compare January 16, 2025 21:06
@jzheaux jzheaux removed the status: blocked An issue that's blocked on an external project change label Jan 16, 2025
@jzheaux jzheaux merged commit aced3bc into spring-projects:main Jan 16, 2025
6 checks passed
@ngocnhan-tran1996 ngocnhan-tran1996 deleted the encode-client-before-calling-basic-auth branch January 18, 2025 09:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jzheaux jzheaux jzheaux approved these changes

Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug
Projects
Spring Security Team
Status: No status
Milestone
6.5.0-M1
Development

Successfully merging this pull request may close these issues.

Implementations of OpaqueTokenIntrospector fail to URL encode client secret
3 participants
@ngocnhan-tran1996 @jzheaux @spring-projects-issues