Dedicated API for extracting roles from Oidc User flow #5349

Open
@jzheaux

Summary

Today, in order to extract Spring Security roles from custom role representations in the Oidc User flow, code needs to fall back to implementing an OAuth2UserService:

```java
public class MyRoleExtractingOidcUserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
    private final OidcUserService delegate;

    // ...

    public OidcUser loadUser(OidcUserRequest request) {
        OidcUser user = delegate.loadUser(request);

        // extract authorities using request and user objects
        Collection<? extends GrantedAuthority> authorities = ...;

        return new DefaultOidcUser(authorities, ...);
    }
}
```

This follows from the reference documentation [1].

Would be nice to have a dedicated authorities extractor:

```java
interface OAuth2UserAuthoritiesExtractor<R extends OAuth2UserRequest, U extends OAuth2User> {
    Collection<? extends GrantedAuthority> extractAuthorities(R request, U user);
}
```

[1] - https://docs.spring.io/spring-security/site/docs/5.0.5.RELEASE/reference/htmlsingle/#oauth2login-advanced-map-authorities-oauth2userservice

Additional Info

This is born out of some observations from @thomasdarimont in an OAuth GitHub sample.

Labels

- in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
- type: enhancement (A general enhancement)