Simplify chaining of OAuth2TokenValidator with JwtValidators defaults #14831

Closed
@jzheaux


It's common to compose the `OAuth2TokenValidator<Jwt>` defaults with additional validators. Here is an example from Spring Security:

```java
class DefaultOidcIdTokenValidatorFactory implements Function<ClientRegistration, OAuth2TokenValidator<Jwt>> {

	@Override
	public OAuth2TokenValidator<Jwt> apply(ClientRegistration clientRegistration) {
		return new DelegatingOAuth2TokenValidator<>(new JwtTimestampValidator(),
				new OidcIdTokenValidator(clientRegistration));
	}

}
```

This could change to:

```java
class DefaultOidcIdTokenValidatorFactory implements Function<ClientRegistration, OAuth2TokenValidator<Jwt>> {

	@Override
	public OAuth2TokenValidator<Jwt> apply(ClientRegistration clientRegistration) {
		return JwtValidators.createDefaultWithValidators(new OidcIdTokenValidator(clientRegistration));
	}

}
```

This convenience makes it simpler for applications to base their validation on the already-vetted Spring Security defaults, making applications more secure.
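The failure mode this issue guards against, as an added example that is not part of the original issue or Spring Security's own code: a hand-assembled validator that omits the defaults accepts an expired token, while composing with the existing `JwtValidators.createDefault()` rejects it. The class name, `EXPECTED_AUDIENCE` value and the token are constructed for illustration.

```java
import java.time.Instant;
import java.util.List;

import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtValidators;

public class ComposedValidatorExample {

	// Hypothetical audience value, assumed for this example only.
	static final String EXPECTED_AUDIENCE = "https://api.example.test";

	// Application-specific check: the "aud" claim must contain our audience.
	static OAuth2TokenValidator<Jwt> audienceValidator() {
		return new JwtClaimValidator<List<String>>(JwtClaimNames.AUD,
				(aud) -> aud != null && aud.contains(EXPECTED_AUDIENCE));
	}

	// Custom validator only: no timestamp check, so "exp" is never evaluated.
	static OAuth2TokenValidator<Jwt> customOnly() {
		return new DelegatingOAuth2TokenValidator<>(audienceValidator());
	}

	// Spring Security defaults plus the custom validator, using existing API.
	static OAuth2TokenValidator<Jwt> defaultsPlusCustom() {
		return new DelegatingOAuth2TokenValidator<>(JwtValidators.createDefault(), audienceValidator());
	}

	public static void main(String[] args) {
		// Constructed token: correct audience, but expired one hour ago.
		Instant now = Instant.now();
		Jwt expired = Jwt.withTokenValue("constructed-token")
				.header("alg", "none")
				.audience(List.of(EXPECTED_AUDIENCE))
				.issuedAt(now.minusSeconds(7200))
				.expiresAt(now.minusSeconds(3600))
				.build();

		System.out.println("custom only has errors:       " + customOnly().validate(expired).hasErrors());
		System.out.println("defaults + custom has errors: " + defaultsPlusCustom().validate(expired).hasErrors());
	}
}
```

A unit test that feeds an expired token to the application's configured validator and asserts `hasErrors()` catches a composition that dropped the defaults.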

Labels: in: oauth2, status: ideal-for-contribution, type: enhancement
