Skip to content

Separate TokenRefresh capability from ServerOAuth2AuthorizedClientExchangeFilterFunction #6962

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wtatum opened this issue Jun 6, 2019 · 1 comment
Closed

Separate TokenRefresh capability from ServerOAuth2AuthorizedClientExchangeFilterFunction #6962

wtatum opened this issue Jun 6, 2019 · 1 comment
Assignees
@jgrandja
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue

Comments

@wtatum
Copy link

wtatum commented Jun 6, 2019

Summary

The ability to automatically and transparently refresh an OAuth 2 token in ServerOAuth2AuthorizedClientExchangeFilterFunction is useful enough that I'd like to be able to use it in other places. However most of the "meat" of the class is private. My particular case is an attempt to solve and/or work around spring-attic/spring-cloud-security#175 by implementing a refresh using the logic provided in ServerOAuth2AuthorizedClientExchangeFilterFunction. Unfortunately the interface of ServerOAuth2AuthorizedClientExchangeFilterFunction is specific to ClientRequest / ClientResponse and the interface of Spring Cloud Gateway's GatewayFilter is specific to ServerWebExchange.

A lot of the internals of ServerOAuth2AuthorizedClientExchangeFilterFunction are about retrieving and updating the OAuth2AuthorizedClient, and would be equally applicble to ClientRequest or ServerWebExchange, with only a little bit of glue needed to adapt to the right interface.

Actual Behavior

Otherwise reusable behaviors of ServerOAuth2AuthorizedClientExchangeFilterFunction are implemented in private methods.

Expected Behavior

The more reusable methods such as refreshIfNecessary (and dependencies) should be extracted to utility functions or a more reusable bean.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jun 6, 2019
@jgrandja
Copy link
Contributor

jgrandja commented Jun 6, 2019

@wtatum This work is currently underway in #6811. One of the tasks includes separating the refresh_token logic into a new implementation of OAuth2AuthorizeClientProvider to allow for reuse.

I'm going to close this issue as a duplicate.

@jgrandja jgrandja closed this as completed Jun 6, 2019
@jgrandja jgrandja added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 6, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jgrandja jgrandja

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wtatum @jgrandja @spring-projects-issues