
Add support for client_credentials grant #5627

Closed

@jgrandja jgrandja commented Aug 1, 2018

Fixes gh-4982

@jgrandja jgrandja requested a review from rwinch August 1, 2018 19:04
@jgrandja jgrandja force-pushed the gh-4982-client-creds-grant branch from 6ccf046 to c2c054a Compare August 1, 2018 20:08

ClientRegistration clientRegistration = clientCredentialsGrantRequest.getClientRegistration();

// Headers
Member

This is a pretty large method. I think each of these blocks with a comment above them makes sense to be in a separate private method.

public OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientRepository authorizedClientRepository) {
public OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository clientRegistrationRepository,
OAuth2AuthorizedClientRepository authorizedClientRepository) {
Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
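
Review bot: the constructor signature in these lines goes from `(OAuth2AuthorizedClientRepository)` to `(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)`, so callers of the one-argument form stop compiling if that form is replaced rather than kept alongside the new one. If the new repository is mandatory for every grant type, say so and why in the constructor Javadoc; if it is needed only for some grants, keep the one-argument constructor and add the new parameter in an overload. The `Assert.notNull` shown covers `clientRegistrationRepository` only, so confirm that `authorizedClientRepository` gets the same guard in the lines that follow this hunk.
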
Member

Is it true that users will always need a ClientRegistrationRepository or is that only necessary for Client Credentials? If it is not always required, I prefer to overload the constructor with optional parameters last

Member

I'm even wondering if it makes sense to have a separate resolver for the client credentials? If nothing else, the resolveArgument should probably be broken up into more than one method (and likely by the grant type).

Contributor Author

ClientRegistrationRepository is required as I need to determine the clientRegistration.getAuthorizationGrantType() before I can delegate to the correct logic.

Contributor Author

> I'm even wondering if it makes sense to have a separate resolver for the client credentials? If nothing else, the resolveArgument should probably be broken up into more than one method (and likely by the grant type)

The logic for authorization_code is this:


		if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
			throw new ClientAuthorizationRequiredException(clientRegistrationId);
		}

I don't see much value in breaking this up into different methods? Do you find this unreadable?

Member

I do find it unreadable. As soon as you start adding block comments that should be an indicator that the method is too large. Instead change the block into a method that reads like the block comment.

Contributor Author

I think you meant this comment for the getTokenResponse() method? I am breaking that up.

@rwinch rwinch self-assigned this Aug 8, 2018
rwinch commented Aug 8, 2018

This has been rebased and merged in via 9527432

@rwinch rwinch closed this Aug 8, 2018
@rwinch rwinch added New Feature in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Aug 8, 2018
@rwinch rwinch added this to the 5.1.0.RC1 milestone Aug 8, 2018
@rwinch rwinch added the status: duplicate A duplicate of another issue label Aug 8, 2018
@jgrandja jgrandja deleted the gh-4982-client-creds-grant branch August 8, 2018 19:35
@rwinch rwinch added the type: enhancement A general enhancement label May 3, 2019