Re-structure OAuth2AuthenticationToken #4553

Closed
jgrandja opened this issue Sep 19, 2017 · 1 comment
Labels: in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose); type: enhancement (A general enhancement)

@jgrandja
Contributor

We should introduce a new Authentication that holds credentials returned from the Token Endpoint, for example, Access Token, Refresh Token and ID Token (for OIDC flows).

In the current design, OAuth2AuthenticationToken holds AccessToken and IdToken. With the proposed design, the new OAuth2TokensAuthenticationToken would hold the AccessToken and RefreshToken (future construct) and extend from AbstractAuthenticationToken.

OAuth2AuthenticationToken should then extend OAuth2TokensAuthenticationToken which will hold the principal and associated authorities.

Hierarchy: OAuth2AuthenticationToken -> OAuth2TokensAuthenticationToken -> AbstractAuthenticationToken

Related #4521

@jgrandja jgrandja added the in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) label Sep 19, 2017
@jgrandja jgrandja added this to the 5.0.0.M5 milestone Sep 19, 2017
@jgrandja jgrandja self-assigned this Sep 19, 2017
@jgrandja jgrandja changed the title Introduce Authentication for OAuth 2.0 Tokens Re-structure OAuth2AuthenticationToken Sep 20, 2017
@jgrandja
Contributor Author

Instead of going with the proposed design as per above, I decided to split up OAuth2AuthenticationToken into OAuth2ClientAuthenticationToken and OAuth2UserAuthenticationToken.

The OAuth2ClientAuthenticationToken holds the ClientRegistration and AccessToken and represents the Authorized Client by the Resource Owner.

And the OAuth2UserAuthenticationToken represents an authenticated OAuth 2.0 User which is associated with an OAuth2ClientAuthenticationToken.
