Open jonah1und1 opened 1 month ago
Any updates on this?
I will happily improve on the issue description and/or pull request if needed.
@jonah1und1 thanks for checking. We are working on a few high priority items for the release and then I will be reviewing your PR. If you would like to get a head start, please check the PR for modern Java features from Java 11+ and switch back to corresponding Java 8 features. We are not yet ready to update most of the source code to Java 17 features because we are following Spring Framework's lead on which language features we are using.
@sjohnr Thank you. I will do that.
Describe the bug
When using opaque tokens with an OAuth 2 resource server, webflux's ServerBearerTokenAuthenticationConverter does not support authentication via url-encoded POST requests with their access token as a body parameter. RFC-6750 Sec. 2.2 describes this behaviour and it is supported by DefaultBearerTokenResolver in mvc.

To Reproduce
Create a POST endpoint for which authentication with an OAuth 2 resource server with an opaque token is needed. Doing so with the reactive stack does not allow for authentication via a body parameter.

Expected behavior
Providing a body parameter with a valid access token named access_token should authenticate the request.

Sample
A sample project with designated test cases for the mvc and reactive stack can be found here: https://github.com/jonah1und1/spring-security-rfc6750-2.2