Implement Token Endpoint #67

Closed
jgrandja opened this issue Apr 24, 2020 · 9 comments

@jgrandja
Collaborator

jgrandja commented Apr 24, 2020

An authorization server provides a token endpoint, which the client uses to exchange an authorization grant for an access token.

The OAuth2TokenEndpointFilter should be implemented as a Filter. The DefaultAuthorizationCodeTokenResponseClient in the spring-security-oauth2-client module is the client that calls the Token Endpoint.

Implementation Requirements

Specification References

3.1. Token Endpoint
4.1. Authorization Code Grant
4.1.3. Access Token Request
4.1.4. Access Token Response

@jgrandja jgrandja added type: enhancement A general enhancement status: on-hold We can't start working on this issue yet and removed type: enhancement A general enhancement labels Apr 24, 2020
@jgrandja jgrandja added this to the 0.0.1 milestone Apr 24, 2020
@jgrandja jgrandja added status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement and removed status: on-hold We can't start working on this issue yet labels Apr 24, 2020
@kratostaine
Contributor

@jgrandja May I pick this up?

@jgrandja
Collaborator Author

Thank you @kratostaine. The issue is yours.

@jgrandja
Collaborator Author

jgrandja commented May 6, 2020

@kratostaine How are things coming along with the PR? Do you have any questions or do you need any help?

@kratostaine
Contributor

@jgrandja Thank you for enquiring. I don't have any questions right now and am going as per the RFC 6749 spec. Will reach out whenever I have any doubts.

@kratostaine
Contributor

kratostaine commented May 6, 2020

authorizationGrantConverter should convert a valid authorization_code Access Token Request to OAuth2AuthorizationCodeAuthenticationToken

@jgrandja Have a query regarding this. How should the code in the access token request be validated as a valid auth code?

@kratostaine
Contributor

OAuth2AccessTokenAuthenticationToken #68 should be returned from AuthenticationManager

@jgrandja Also regarding the above, I understand that OAuth2AuthorizationCodeAuthenticationProvider would be returning OAuth2AccessTokenAuthenticationToken object, but it has no method to return an object of OAuth2AccessTokenAuthenticationToken type, rather just the Authentication interface type. Should I expect there to be a different method which returns OAuth2AccessTokenAuthenticationToken object?

@jgrandja
Collaborator Author

jgrandja commented May 7, 2020

@kratostaine

How should the code in the access token request be validated as a valid auth code?

The OAuth2AuthorizationCodeAuthenticationProvider is responsible for validating the code. This will be implemented by #68.

The authorizationGrantConverter should simply attempt to convert the access token request parameters to an OAuth2AuthorizationCodeAuthenticationToken and then pass it to the AuthenticationManager. If the request is NOT an access token request then the authorizationGrantConverter should return null and the Filter will continue on with the chain.

I understand that OAuth2AuthorizationCodeAuthenticationProvider would be returning OAuth2AccessTokenAuthenticationToken object, but it has no method to return an object of OAuth2AccessTokenAuthenticationToken type, rather just the Authentication interface type

The OAuth2TokenEndpointFilter will ultimately call AuthenticationManager.authenticate() passing OAuth2AuthorizationCodeAuthenticationToken and expecting the return value to be OAuth2AccessTokenAuthenticationToken - just cast it to this type.

@kratostaine
Contributor

If the request is NOT an access token request then the authorizationGrantConverter should return null and the Filter will continue on with the chain.

@jgrandja regarding this, instead of having authorizationGrantConverter return null when the request is not an access token request, isn't it better to pass the request to the converter only if it's an access token request, and filter out the other requests? I planned on that way. Your thoughts please?

@jgrandja
Collaborator Author

jgrandja commented May 7, 2020

@kratostaine

isn't it better to pass the request to the converter only if it's an access token request

Yes, thanks for clarifying this. Typically, a Filter would use a RequestMatcher to determine if it should handle the request. So the OAuth2TokenEndpointFilter will use a RequestMatcher to match on a valid Access Token Request and if matched pass it to authorizationGrantConverter.
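
The flow agreed in the comments above (RequestMatcher, then authorizationGrantConverter, then AuthenticationManager.authenticate() and a cast), as an added Java sketch that is not the project's OAuth2TokenEndpointFilter and not code from either participant. Assumptions: the `/oauth2/token` path, the nested stand-in token classes and their constructors, Jackson for the JSON body, and the `javax.servlet` API used by Spring Security 5.x.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

public class TokenEndpointFilterSketch extends OncePerRequestFilter {
    // Stand-ins for the project's two token types; fields and constructors are assumptions.
    abstract static class ValueToken extends AbstractAuthenticationToken {
        final String value;
        ValueToken(String value) { super(null); this.value = value; }
        public Object getCredentials() { return value; }
        public Object getPrincipal() { return ""; }
    }
    static class CodeGrantToken extends ValueToken { CodeGrantToken(String c) { super(c); } }
    static class AccessTokenResult extends ValueToken { AccessTokenResult(String t) { super(t); } }
    private final RequestMatcher endpoint = new AntPathRequestMatcher("/oauth2/token", "POST"); // assumed path
    private final RequestMatcher tokenRequestMatcher = request -> endpoint.matches(request)
            && "authorization_code".equals(request.getParameter("grant_type")); // RFC 6749 section 4.1.3
    // Conversion only; validating the code is the AuthenticationProvider's job.
    private final Converter<HttpServletRequest, Authentication> authorizationGrantConverter =
            request -> new CodeGrantToken(request.getParameter("code"));
    private final AuthenticationManager authenticationManager;

    public TokenEndpointFilterSketch(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        if (!tokenRequestMatcher.matches(request)) {
            chain.doFilter(request, response); // not an access token request
            return;
        }
        Authentication grant = authorizationGrantConverter.convert(request);
        AccessTokenResult result = (AccessTokenResult) authenticationManager.authenticate(grant);
        response.setHeader("Cache-Control", "no-store"); // RFC 6749 section 5.1
        response.setContentType("application/json");
        new ObjectMapper().writeValue(response.getWriter(),
                Map.of("access_token", result.value, "token_type", "Bearer"));
    }
}
```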

kratostaine added a commit to kratostaine/spring-authorization-server that referenced this issue May 16, 2020
kratostaine added a commit to kratostaine/spring-authorization-server that referenced this issue May 17, 2020
kratostaine added a commit to kratostaine/spring-authorization-server that referenced this issue May 18, 2020
kratostaine added a commit to kratostaine/spring-authorization-server that referenced this issue May 21, 2020
doba16 pushed a commit to doba16/spring-authorization-server that referenced this issue Apr 21, 2023