microsoft / azure-spring-boot

Spring Boot Starters for Azure services
MIT License

Skip AAD internal filter when is already authenticated or token not issued by AAD #872

Closed saragluna closed 4 years ago

saragluna commented 4 years ago

Summary

When AADAuthenticationFilter or AADAppRoleStatelessAuthenticationFilter is auto-configured, it will take action on every bearer token. This PR will skip the processing when the current context is already authenticated or the token is not issued by Azure AD.

Issue Type

Starter Names

Additional Information
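The skip decision described in the summary above, sketched as an added example (not code from this PR or from azure-spring-boot). The class and method names are hypothetical, the issuer prefixes are assumed to be the public-cloud Azure AD v1/v2 issuers, and a plain boolean stands in for the Spring Security context check so the block runs with the JDK alone.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AadFilterSkipDemo {
    // Assumption: issuer prefixes of Azure AD v1 and v2 tokens (public cloud only).
    private static final List<String> AAD_ISSUER_PREFIXES = List.of(
            "https://sts.windows.net/", "https://login.microsoftonline.com/");
    // Minimal claim lookup for the demo; a real filter would use its JWT library's parser.
    private static final Pattern ISS = Pattern.compile("\"iss\"\\s*:\\s*\"([^\"]*)\"");

    /** Reads the unverified "iss" claim; returns null if the token is not a parseable JWT. */
    static String unverifiedIssuer(String token) {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return null;
        try {
            byte[] raw = Base64.getUrlDecoder().decode(parts[1]);
            Matcher m = ISS.matcher(new String(raw, StandardCharsets.UTF_8));
            return m.find() ? m.group(1) : null;
        } catch (IllegalArgumentException e) { // payload is not valid base64url
            return null;
        }
    }

    /** True when the AAD filter should go on to validate this request's token. */
    static boolean shouldProcess(boolean alreadyAuthenticated, String authorizationHeader) {
        if (alreadyAuthenticated) return false; // an earlier filter already set the context
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) return false;
        String iss = unverifiedIssuer(authorizationHeader.substring(7).trim());
        // "iss" is unverified here: it only routes the token, signature validation still follows.
        return iss != null && AAD_ISSUER_PREFIXES.stream().anyMatch(iss::startsWith);
    }

    private static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample tokens: placeholder tenant id, placeholder signature.
        String head = b64("{\"alg\":\"RS256\"}");
        String aad = head + "." + b64("{\"iss\":\"https://sts.windows.net/00000000-0000-0000-0000-000000000000/\"}") + ".sig";
        String other = head + "." + b64("{\"iss\":\"https://idp.example.com/\"}") + ".sig";
        System.out.println("AAD token, no prior auth:   " + shouldProcess(false, "Bearer " + aad));
        System.out.println("Non-AAD token:              " + shouldProcess(false, "Bearer " + other));
        System.out.println("AAD token, already authed:  " + shouldProcess(true, "Bearer " + aad));
        System.out.println("Opaque (non-JWT) token:     " + shouldProcess(false, "Bearer abc123"));
    }
}
```

A skipped request is not authenticated by this filter, so another filter or the application's access rules must still reject it if nothing else establishes an identity.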

nikhilingole commented 4 years ago

Hey @saragluna / @jialindai - Any updates on this? When would it be part of a release? Thanks.

saragluna commented 4 years ago

@nikhilingole This will be out in our next release, which is in two weeks.

nikhilingole commented 4 years ago

Thanks @saragluna for the update and fixing the issue.

As a side comment - shouldn't the response from the filter be 401/403 if the token is invalid/expired, etc., instead of 5xx?