Skip to content

Opaque Token Introspection Strategy Flexibility #7344

New issue
New issue
Closed
Closed
Opaque Token Introspection Strategy Flexibility#7344
Assignees
jzheaux
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement
Milestone
5.2.0.RC1
@jzheaux

Description

@jzheaux
jzheaux
opened on Sep 3, 2019

Most of the opaque token support anticipates the use of the OAuth 2.0 Introspection specification. For example, the authentication provider is OAuth2IntrospectionAuthenticationProvider.

This really isn't true though, since the contract is simply String -> Map of attributes. It's sensible to hit any trusted API that will exchange something that is opaque to the resource server for an attribute map. Thus, something like OpaqueTokenAuthenticationProvider is more sensible.

This aligns with the DSL: jwt() configures a JwtAuthenticationProvider and now opaqueToken() would configure an OpaqueTokenAuthenticationProvider.

On the same note, OAuth2IntrospectionAuthenticationToken implies an OAuth 2.0 Introspection authentication strategy, which may not be true. Instead, let's use BearerTokenAuthentication.

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions