Skip to content

Refactor auth token/login providers #7356

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Refactor auth token/login providers #7356

wants to merge 1 commit into from

Conversation

pdelert
Copy link

@pdelert pdelert commented Sep 4, 2019

  • OAuth2AuthorizationCodeAuthenticationToken uses OAuth2LoginAuthenticationToken
  • OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 4, 2019
@pdelert pdelert mentioned this pull request Sep 4, 2019
Closed
@jgrandja jgrandja self-assigned this Sep 10, 2019
@jgrandja jgrandja added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 10, 2019
jgrandja
jgrandja requested changes Sep 10, 2019
View reviewed changes
Copy link
Contributor

@jgrandja jgrandja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @pdelert. I left some feedback for you.

...mework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java Outdated
@@ -39,11 +39,9 @@
* @see OAuth2AccessToken
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
*/
public class OAuth2AuthorizationCodeAuthenticationToken extends AbstractAuthenticationToken {
public class OAuth2AuthorizationCodeAuthenticationToken extends OAuth2LoginAuthenticationToken {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The proposed update should be OAuth2LoginAuthenticationToken extends OAuth2AuthorizationCodeAuthenticationToken. Please see comment.

OAuth2LoginAuthenticationProvider implements authorization_code grant flow on top of OpenID Connect, so it's logical for OAuth2LoginAuthenticationToken to extend OAuth2AuthorizationCodeAuthenticationToken.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comments applied on code

...mework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java Outdated
*
* @return the {@link ClientRegistration}
*/
public ClientRegistration getClientRegistration() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a breaking change for a patch release. Please see Semantic versioning for more details.

...springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java Outdated
@@ -59,8 +59,7 @@
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a>
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response</a>
*/
public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider {
private final OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
public class OAuth2LoginAuthenticationProvider extends OAuth2AuthorizationCodeAuthenticationProvider {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The preference is that OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider as a collaborator (composition) instead of through extension. Similar to how OAuth2LoginReactiveAuthenticationManager uses OAuth2AuthorizationCodeReactiveAuthenticationManager internally.

...rg/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java Outdated
@@ -118,7 +118,7 @@ public OAuth2LoginAuthenticationToken(ClientRegistration clientRegistration,
}

@Override
public OAuth2User getPrincipal() {
public Object getPrincipal() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not need to be changed.

@pdelert
Refactor auth token/login providers
2cb5fdb 
* OAuth2LoginAuthenticationToken uses OAuth2AuthorizationCodeAuthenticationToken
* OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider
@pdelert pdelert requested a review from jgrandja September 16, 2019 15:00
jgrandja
jgrandja requested changes Sep 30, 2019
View reviewed changes
Copy link
Contributor

@jgrandja jgrandja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates @pdelert. Please see comments

...ork/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
@@ -83,4 +83,8 @@ public Authentication authenticate(Authentication authentication) throws Authent
public boolean supports(Class<?> authentication) {
return OAuth2AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication);
}

public OAuth2AccessTokenResponse getAccessTokenResponse(OAuth2AuthorizationCodeGrantRequest oAuth2AuthorizationCodeGrantRequest) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change cannot go into a patch release as this is targeted for 5.1.x. Please review the acceptable changes for patch, minor and major.

...springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
authorizationCodeAuthentication.getClientRegistration(),
authorizationCodeAuthentication.getAuthorizationExchange()));
accessTokenResponse = ((OAuth2AuthorizationCodeAuthenticationProvider) this.authenticationProvider)
.getAccessTokenResponse(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead call OAuth2AuthorizationCodeAuthenticationProvider.authenticate()

...rg/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
private OAuth2AuthorizationExchange authorizationExchange;
private OAuth2AccessToken accessToken;
private OAuth2RefreshToken refreshToken;
private OAuth2AuthorizationCodeAuthenticationToken oAuth2AuthorizationCodeAuthenticationToken;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of composition use inheritance OAuth2LoginAuthenticationToken extends OAuth2AuthorizationCodeAuthenticationToken as noted in this comment

@jgrandja
Copy link
Contributor

jgrandja commented Dec 6, 2019

@pdelert Have you had time to apply the latest changes?

@jgrandja jgrandja added the status: waiting-for-feedback We need additional information before we can continue label Dec 11, 2019
@jgrandja
Copy link
Contributor

Closing in favour of #8170. Also see comment.

@jgrandja jgrandja closed this Mar 24, 2020
@jgrandja jgrandja removed the status: waiting-for-feedback We need additional information before we can continue label Mar 24, 2020
@rwinch rwinch added the status: duplicate A duplicate of another issue label Mar 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jgrandja jgrandja jgrandja requested changes

Assignees

@jgrandja jgrandja

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pdelert @jgrandja @rwinch @spring-projects-issues