Skip to content

Support customizing headers of a request in AbstractWebClientReactiveOAuth2AccessTokenResponseClient #10130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sjohnr opened this issue Jul 20, 2021 · 1 comment
Closed

Support customizing headers of a request in AbstractWebClientReactiveOAuth2AccessTokenResponseClient #10130

sjohnr opened this issue Jul 20, 2021 · 1 comment
Assignees
@sjohnr
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
Milestone
5.6.0-M2

Comments

@sjohnr
Copy link
Member

sjohnr commented Jul 20, 2021

Expected Behavior

Headers added to the request via .headers((headers) -> populateTokenRequestHeaders(grantRequest, headers)) of the WebClient should be customizable so the application can add additional headers or customize the default set of headers provided by AbstractWebClientReactiveOAuth2AccessTokenResponseClient.

Current Behavior

Currently, the request can only be customized by providing a custom WebClient and registering an ExchangeFilterFunction. This limits the application to only the current ClientRequest, possibly requiring parsing and mutating the request after it has already been built, with the inability to access the current AbstractOAuth2AuthorizationGrantRequest.

Context

See gh-10042
@sjohnr sjohnr added type: enhancement A general enhancement status: ideal-for-contribution An issue that we actively are looking for someone to help us with in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Jul 20, 2021
@sjohnr sjohnr mentioned this issue Jul 20, 2021
Closed
@sjohnr
Copy link
Member Author

sjohnr commented Jul 20, 2021

@vboulaye, I looked at AbstractWebClientReactiveOAuth2AccessTokenResponseClient while opening up this ticket. So far, it looks like the only customization points are package-private methods that can be overridden by a sub-class. However, the implementation on the servlet side uses the Converter interface, with a default implementation. For example, given <T extends AbstractOAuth2AuthorizationGrantRequest>:

	private Converter<T, HttpHeaders> headersConverter = this::populateTokenRequestHeaders;

Similar to the existing method but now returning headers:

	private HttpHeaders populateTokenRequestHeaders(T grantRequest) { ... }

And provide a nicely documented setter. I think something like this could be the way to go.

@vboulaye vboulaye mentioned this issue Jul 20, 2021
Closed
@sjohnr sjohnr self-assigned this Jul 21, 2021
vboulaye added a commit to vboulaye/spring-security that referenced this issue Jul 28, 2021
@vboulaye
enable customization of headers in AbstractWebClientReactiveOAuth2Acc…
47cb4eb 
…essTokenResponseClient

adds the possibility to customize the headers of the access token request, similarly to what is done in the AbstractOAuth2AuthorizationGrantRequestEntityConverter

Closes spring-projectsgh-10130
@sjohnr sjohnr closed this as completed in 0441570 Aug 9, 2021
sjohnr pushed a commit that referenced this issue Aug 9, 2021
Add gh-10130 to tests
fc553bf
@sjohnr sjohnr added this to the 5.6.0-M2 milestone Aug 10, 2021
akohli96 pushed a commit to akohli96/spring-security that referenced this issue Aug 25, 2021
@vboulaye
Enable customizing headers in token requests
3c88d72 
Adds the possibility to customize the headers of the access token request in AbstractWebClientReactiveOAuth2AccessTokenResponseClient, similarly to what is done in the AbstractOAuth2AuthorizationGrantRequestEntityConverter.

Closes spring-projectsgh-10130
akohli96 pushed a commit to akohli96/spring-security that referenced this issue Aug 25, 2021
Add spring-projectsgh-10130 to tests
b222541
@sjohnr sjohnr mentioned this issue Dec 22, 2021
Closed
@sjohnr sjohnr mentioned this issue Jan 5, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sjohnr sjohnr

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
Projects
None yet
Milestone
5.6.0-M2
Development

No branches or pull requests
1 participant
@sjohnr