Authorization Code Grant flow should support AccessToken only #4513
Labels
in: oauth2
An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
jgrandja added a commit to jgrandja/spring-security that referenced this issue on Oct 5, 2017
The AuthorizationCodeAuthenticationProvider implements part of the Authorization Code Grant flow as defined in OAuth 2.0 Authorization Framework and OpenID Connect Core 1.0. The implementation needs to be de-coupled to allow for better re-use and readability. This commit introduces the AuthorizationGrantAuthenticator and extracts logic from AuthorizationCodeAuthenticationProvider and provides different implementations for OAuth 2.0 and OpenID Connect 1.0. This re-factor is part of the work required for Issue spring-projectsgh-4513
jgrandja added a commit to jgrandja/spring-security that referenced this issue on Oct 5, 2017
Moved logic from AuthorizationCodeAuthenticationProvider to OAuth2UserAuthenticationProvider (new) related to loading user attributes via OAuth2UserService. This re-factor is part of the work required for Issue spring-projectsgh-4513
thomasdarimont pushed a commit to thomasdarimont/spring-security that referenced this issue on Apr 25, 2018
The AuthorizationCodeAuthenticationProvider implements part of the Authorization Code Grant flow as defined in OAuth 2.0 Authorization Framework and OpenID Connect Core 1.0. The implementation needs to be de-coupled to allow for better re-use and readability. This commit introduces the AuthorizationGrantAuthenticator and extracts logic from AuthorizationCodeAuthenticationProvider and provides different implementations for OAuth 2.0 and OpenID Connect 1.0. This re-factor is part of the work required for Issue spring-projectsgh-4513
thomasdarimont pushed a commit to thomasdarimont/spring-security that referenced this issue on Apr 25, 2018
Moved logic from AuthorizationCodeAuthenticationProvider to OAuth2UserAuthenticationProvider (new) related to loading user attributes via OAuth2UserService. This re-factor is part of the work required for Issue spring-projectsgh-4513
The AuthorizationCodeAuthenticationProcessingFilter currently supports the oauth2Login feature. It handles the Authorization Response callback and processes it with its collaborators in the following step sequence:

1. AuthorizationCode Grant for an AccessToken
2. OAuth2UserService to load the Principal information and ultimately authenticate the session

Step 2 is not specified as part of the Authorization Code Grant flow in the OAuth 2.0 spec. However, we need this step in order to realize the oauth2Login feature.

But we also need to support the Authorization Code Grant flow as per spec for cases where the Authorized client needs to fetch a new AccessToken to access other protected resources (after the end-user has authenticated).

In order to support this, AuthorizationCodeAuthenticationProcessingFilter and AuthorizationCodeAuthenticationProvider will need to be re-factored.