Add Predicate for authorizationConsentRequired for device code grant #2048

Open: wants to merge 1 commit into base: main

@dineshgupta630 dineshgupta630 commented Jun 16, 2025

Adds a pluggable predicate to control whether consent is required in the device code grant flow. Fixes #1965

Notes: No breaking changes; the predicate is opt-in.

Previously, device consent handling did not provide a dedicated context
for device verification authentication flows. This commit introduces
OAuth2DeviceVerificationAuthenticationContext and updates related
providers and tests to enhance device authorization and consent flows.

Fixes spring-projectsgh-1965

Signed-off-by: Dinesh Gupta <[email protected]>

Add Predicate for authorizationConsentRequired for device code grant

Introduce a customizable Predicate to determine whether user authorization consent is required
in the Device Code grant flow. This enhancement allows applications to define custom logic for
skipping or displaying the consent page, enabling greater flexibility to handle cases where
user code confirmation and scope approval may be decoupled.

The default behavior is preserved, but can be overridden by calling
OAuth2DeviceVerificationAuthenticationProvider#setAuthorizationConsentRequired(Predicate).

Closes: spring-projectsgh-1965

Signed-off-by: Dinesh Gupta <[email protected]>

Add Predicate for authorizationConsentRequired for device code grant

This commit introduces a Predicate extension point for determining
if user consent is required during the OAuth 2.0 Device Authorization
Grant (device code flow).

- Adds OAuth2DeviceVerificationAuthenticationContext to provide context to the Predicate
- Updates OAuth2DeviceVerificationAuthenticationProvider to support a custom Predicate via setAuthorizationConsentRequired
- Refactors default consent logic to use the Predicate
- Updates and adds tests for custom Predicate behavior

Closes spring-projectsgh-1965

Signed-off-by: Dinesh Gupta <[email protected]>

Refactor DeviceVerification context to align with code grant context

Refactored OAuth2DeviceVerificationAuthenticationContext to use a map-based
structure consistent with OAuth2AuthorizationCodeRequestAuthenticationContext.
Aligned method signatures, builder pattern, and attribute handling for
consistency and extensibility. Updated OAuth2DeviceVerificationAuthenticationProvider
to use the revised context and normalize requested scopes.

Closes spring-projectsgh-1965-device-consent

Authored-by: Dinesh Gupta <[email protected]>

Align device verification consent logic with code grant context

Refactored OAuth2DeviceVerificationAuthenticationProvider and its tests to ensure
the device verification consent logic and structure are consistent with the authorization code flow.
Improved test consistency, predicate usage, and aligned context handling for maintainability.

Closes spring-projectsgh-1965-device-consent

Authored-by: Dinesh Gupta <[email protected]>

Clarify Javadoc for device consent predicate

Closes spring-projectsgh-1965-device-consent

Authored-by: Dinesh Gupta <[email protected]>
Signed-off-by: Dinesh Gupta <[email protected]>

Fix test cases for device code consent predicate

Cleaned up and improved consistency of test cases related to the device code authorizationConsentRequired predicate.

Signed-off-by: Dinesh Gupta <[email protected]>

@dineshgupta630 force-pushed the gh-1965-device-consent branch from 9f0dfc6 to e16d62e on June 16, 2025 23:10
@dineshgupta630 changed the title from "Add device verification authentication context support" to "Add Predicate for authorizationConsentRequired for device code grant" on Jun 16, 2025
@jgrandja self-assigned this on Jun 19, 2025
@jgrandja added the label type: enhancement (A general enhancement) and removed the label status: waiting-for-triage (An issue we've not yet triaged) on Jun 19, 2025
@jgrandja added this to the 2.0.0-M1 milestone on Jun 19, 2025

@jgrandja (Collaborator)

Thanks for the PR @dineshgupta630. I will review this soon.
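
One way to write a fail-closed predicate of the kind this PR makes pluggable through `setAuthorizationConsentRequired(Predicate)`, as an added example that is not part of the pull request or the project's code. `DeviceVerificationContext`, its fields and the client names are hypothetical stand-ins; the accessors of the real `OAuth2DeviceVerificationAuthenticationContext` are not shown on this page.

```java
import java.util.Set;
import java.util.function.Predicate;

public class DeviceConsentPredicateExample {

    // Hypothetical stand-in for the context handed to the predicate; the
    // accessor names are assumptions, not the project's API.
    record DeviceVerificationContext(String clientId,
                                     Set<String> requestedScopes,
                                     Set<String> approvedScopes) {}

    // Constructed allow-list of first-party clients allowed to skip consent.
    static final Set<String> FIRST_PARTY_CLIENTS = Set.of("tv-app");

    // Returns true when the consent page must be shown. Consent is skipped only
    // if the client is first-party AND every requested scope was approved before,
    // so an unknown client or a newly requested scope fails closed.
    static final Predicate<DeviceVerificationContext> CONSENT_REQUIRED = ctx ->
            !FIRST_PARTY_CLIENTS.contains(ctx.clientId())
                    || !ctx.approvedScopes().containsAll(ctx.requestedScopes());

    public static void main(String[] args) {
        // Constructed sample contexts.
        var returningUser = new DeviceVerificationContext(
                "tv-app", Set.of("profile"), Set.of("profile", "email"));
        var scopeEscalation = new DeviceVerificationContext(
                "tv-app", Set.of("profile", "payments"), Set.of("profile"));
        var thirdParty = new DeviceVerificationContext(
                "partner-cli", Set.of("profile"), Set.of("profile"));

        System.out.println("returning user:   " + CONSENT_REQUIRED.test(returningUser));
        System.out.println("scope escalation: " + CONSENT_REQUIRED.test(scopeEscalation));
        System.out.println("third-party:      " + CONSENT_REQUIRED.test(thirdParty));
    }
}
```

In the device code flow, skipping consent means that entering the user code alone authorizes the device, so a custom predicate should return false only for cases it can positively identify.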
