
Conversation

@philsttr philsttr commented Dec 18, 2019

All ReactiveOAuth2AuthorizedClientManagers now have authorization success/failure handlers.
Default success handlers will save authorized clients for future requests.
Default failure handlers will remove previously saved authorized clients.

ServerOAuth2AuthorizedClientExchangeFilterFunction also makes use of a
failure handler in the case of an unauthorized or forbidden HTTP status code.

The main use cases now handled are

  • remove authorized client when an authorization server indicates that a refresh token is no longer valid (when authorization server returns invalid_grant)
  • remove authorized client when a resource server indicates that an access token is no longer valid (when resource server returns invalid_token)

Introduced ClientAuthorizationException to capture details needed when removing an authorized client.
All ReactiveOAuth2AccessTokenResponseClients now throw a ClientAuthorizationException on failures.

Created AbstractWebClientReactiveOAuth2AccessTokenResponseClient to unify common logic between all ReactiveOAuth2AccessTokenResponseClients.

Fixes gh-7699
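As an added illustration of how the handlers described above fit together (this is my own example, not code from this PR or from Spring Security), here is a custom ReactiveOAuth2AuthorizationFailureHandler that removes the saved OAuth2AuthorizedClient only for the two cases the description lists (invalid_grant from the authorization server, invalid_token from a resource server) and leaves it in place for any other failure, installed on both the DefaultReactiveOAuth2AuthorizedClientManager and the ServerOAuth2AuthorizedClientExchangeFilterFunction. The class name TokenInvalidatingFailureHandler and the webClient helper are mine; the setter names, the package paths and the ServerWebExchange attribute key are how I recall the 5.3 API and are assumptions to check against the merged code.

```java
import java.util.Map;

import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.ClientAuthorizationException;
import org.springframework.security.oauth2.client.DefaultReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/**
 * Added example, not part of the PR: drop a saved authorized client only when the
 * failure means its tokens are dead, so a transient error does not force the user
 * back through authorization on the next request.
 */
public final class TokenInvalidatingFailureHandler implements ReactiveOAuth2AuthorizationFailureHandler {

    private final ServerOAuth2AuthorizedClientRepository authorizedClients;

    public TokenInvalidatingFailureHandler(ServerOAuth2AuthorizedClientRepository authorizedClients) {
        this.authorizedClients = authorizedClients;
    }

    /**
     * invalid_grant: the authorization server rejected the refresh token.
     * invalid_token: a resource server rejected the access token.
     * Anything else (server_error, temporarily_unavailable, ...) is not proof the stored tokens are bad.
     */
    static boolean tokensAreDead(String errorCode) {
        return OAuth2ErrorCodes.INVALID_GRANT.equals(errorCode)
                || OAuth2ErrorCodes.INVALID_TOKEN.equals(errorCode);
    }

    @Override
    public Mono<Void> onAuthorizationFailure(OAuth2AuthorizationException exception,
                                             Authentication principal,
                                             Map<String, Object> attributes) {
        // Only a ClientAuthorizationException carries the registration id that says which saved client to remove.
        if (!(exception instanceof ClientAuthorizationException)) {
            return Mono.empty();
        }
        ClientAuthorizationException failure = (ClientAuthorizationException) exception;
        if (!tokensAreDead(failure.getError().getErrorCode())) {
            return Mono.empty(); // keep the client; the caller may simply retry
        }
        // Assumption: the manager and the filter function pass the current exchange under its class name.
        ServerWebExchange exchange = (ServerWebExchange) attributes.get(ServerWebExchange.class.getName());
        if (exchange == null) {
            return Mono.empty();
        }
        return this.authorizedClients.removeAuthorizedClient(failure.getClientRegistrationId(), principal, exchange);
    }

    /** Wires the same handler into both places that can observe a failure. */
    public static WebClient webClient(ReactiveClientRegistrationRepository registrations,
                                      ServerOAuth2AuthorizedClientRepository authorizedClients) {
        ReactiveOAuth2AuthorizationFailureHandler failureHandler = new TokenInvalidatingFailureHandler(authorizedClients);

        // Failures while obtaining or refreshing a token (invalid_grant) surface here.
        DefaultReactiveOAuth2AuthorizedClientManager manager =
                new DefaultReactiveOAuth2AuthorizedClientManager(registrations, authorizedClients);
        manager.setAuthorizationFailureHandler(failureHandler);

        // 401/403 responses from the resource server (invalid_token) surface here.
        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2 =
                new ServerOAuth2AuthorizedClientExchangeFilterFunction(manager);
        oauth2.setAuthorizationFailureHandler(failureHandler);

        return WebClient.builder().filter(oauth2).build();
    }
}
```

The defaults the PR installs already cover the two listed cases, so the point of writing the handler yourself is the extra hook: this is where you would add an audit log entry or a metric each time a client is dropped, which is useful when hunting for a misbehaving resource server that keeps rejecting tokens.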

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 18, 2019
@jgrandja jgrandja added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 6, 2020
@jgrandja jgrandja left a comment

Thanks for the PR @philsttr ! I left some feedback for you. Also, can you change the copyright header 2019 -> 2020.

@jgrandja jgrandja left a comment

Thanks for the updates @philsttr. I left a couple more minor comments.

All ReactiveOAuth2AuthorizedClientManagers now have authorization success/failure handlers.
A success handler is provided to save authorized clients for future requests.
A failure handler is provided to remove previously saved authorized clients.

ServerOAuth2AuthorizedClientExchangeFilterFunction also makes use of a
failure handler in the case of an unauthorized or forbidden HTTP status code.

The main use cases now handled are
- remove authorized client when an authorization server indicates that a refresh token is no longer valid (when authorization server returns invalid_grant)
- remove authorized client when a resource server indicates that an access token is no longer valid (when resource server returns invalid_token)

Introduced ClientAuthorizationException to capture details needed when removing an authorized client.
All ReactiveOAuth2AccessTokenResponseClients now throw a ClientAuthorizationException on failures.

Created AbstractWebClientReactiveOAuth2AccessTokenResponseClient to unify common logic between all ReactiveOAuth2AccessTokenResponseClients.

Fixes gh-7699

philsttr commented Jan 16, 2020

Not sure what is causing that CI failure. Help appreciated. Seems unrelated to my changes.

* What went wrong:
Execution failed for task ':spring-security-data:compileJava'.
> Could not resolve all files for configuration ':spring-security-data:detachedConfiguration8'.
   > Could not resolve org.jetbrains.kotlinx:kotlinx-coroutines-bom:1.3.3.
     Required by:
         project :spring-security-data
      > Cannot choose between the following variants of org.jetbrains.kotlinx:kotlinx-coroutines-bom:1.3.3:
          - enforcedRuntimeElements
          - runtimeElements
        All of them match the consumer attributes:
          - Variant 'enforcedRuntimeElements' capability org.jetbrains.kotlinx:kotlinx-coroutines-bom:1.3.3:
              - Unmatched attributes:
                  - Found org.gradle.category 'enforced-platform' but wasn't required.
                  - Found org.gradle.status 'release' but wasn't required.
                  - Found org.gradle.usage 'java-runtime' but wasn't required.
          - Variant 'runtimeElements' capability org.jetbrains.kotlinx:kotlinx-coroutines-bom:1.3.3:
              - Unmatched attributes:
                  - Found org.gradle.category 'platform' but wasn't required.
                  - Found org.gradle.status 'release' but wasn't required.
                  - Found org.gradle.usage 'java-runtime' but wasn't required.

@jgrandja commented

@philsttr The CI failure is not related to your updates. We're working on it.

@jgrandja jgrandja added this to the 5.3.0.RC1 milestone Jan 16, 2020
@jgrandja commented

@philsttr Thanks again for all your great work on this feature. I applied some minor javadoc edits and also moved SaveAuthorizedClientReactiveOAuth2AuthorizationSuccessHandler and RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler to the ...client.web package. This is now in master.

FYI, I logged #7840 for the Servlet implementation.

@jgrandja jgrandja closed this Jan 16, 2020
@philsttr commented

Thanks Joe! And thanks for all the brainstorming and reviews.

Also, I'm unfortunately not going to be able to work on the servlet implementation. I wish I could, but my company doesn't have an immediate need for the servlet impl (unlike the reactive impl), and I have more pressing stuff on my plate in the new year.

@jgrandja commented

@philsttr No worries Phil. I totally understand. I'll take care of it. Thanks again.

Development

Successfully merging this pull request may close these issues.

Introduce Reactive OAuth2Authorization success/failure handlers