Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JwtGrantedAuthoritiesConverter should allow configuring the authorities claim name #7100

Closed
jzheaux opened this issue Jul 13, 2019 · 2 comments · Fixed by #7271
Closed

JwtGrantedAuthoritiesConverter should allow configuring the authorities claim name #7100

jzheaux opened this issue Jul 13, 2019 · 2 comments · Fixed by #7271
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone
5.2.0.RC1

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Jul 13, 2019
edited
Loading

Related to #6945

It would be nice if an application could indicate a custom claim name for GrantedAuthoritys without creating a custom converter.

Something like:

JwtGrantedAuthoritiesConverter converter = new JwtGrantedAuthoritiesConverter();
converter.setAuthoritiesClaimName("authorities");

Would be easier to do than:

Converter<Jwt, List<GrantedAuthorities>> converter = jwt -> {
    List<String> authorities = (List<String>) jwt.getClaim("authorities");
    return authorities.stream()
        .map(authority -> "SCOPE_" + authority)
        .map(SimpleGrantedAuthority::new)
        .collect(Collectors.toList());
};

So, let's add a setter to JwtGrantedAuthoritiesConverter called setAuthoritiesClaimName so that the converter knows which claim to look for.
@jzheaux jzheaux added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Jul 13, 2019
@jzheaux jzheaux added this to the 5.2.0.RC2 milestone Jul 13, 2019
@jzheaux jzheaux self-assigned this Jul 13, 2019
This was referenced Jul 13, 2019
Closed
Closed
This was referenced Jul 13, 2019
Closed
Closed
Closed
@jzheaux jzheaux added the status: first-timers-only An issue that can only be worked on by brand new contributors label Aug 2, 2019
@jzheaux jzheaux removed their assignment Aug 2, 2019
@andifalk
Copy link
Contributor

andifalk commented Aug 5, 2019

Hi @jzheaux
has anybody already claimed this first timers issue?
Would make sense to implement this one together with #7101. If this is ok for you I would be glad to take over implementation for both.

@jzheaux jzheaux removed the status: first-timers-only An issue that can only be worked on by brand new contributors label Aug 6, 2019
@jzheaux jzheaux self-assigned this Aug 6, 2019
@jzheaux
Copy link
Contributor Author

jzheaux commented Aug 6, 2019

@andifalk, it's yours!

@andifalk andifalk mentioned this issue Aug 16, 2019
Merged
andifalk added a commit to andifalk/spring-security that referenced this issue Aug 18, 2019
@andifalk
Add setter for authorities claim name in JwtGrantedAuthoritiesConverter
e964141 
Prior to this change authorities are always mapped using well known
claim names ('scope' or 'scp'). To change this default behaviour the
converter had to be replaced completely with a custom one.
This commit adds an additional setter to configure a custom
claim name like e.g. 'roles'. Without specifying a custom claim name
the default claims to be used still remains to the well known ones.
This way the authorities can be mapped according to customized
token claims.

Fixes spring-projectsgh-7100
jzheaux pushed a commit that referenced this issue Aug 20, 2019
@andifalk @jzheaux
Add setter for authorities claim name in JwtGrantedAuthoritiesConverter
0a058c9 
Prior to this change authorities are always mapped using well known
claim names ('scope' or 'scp'). To change this default behaviour the
converter had to be replaced completely with a custom one.
This commit adds an additional setter to configure a custom
claim name like e.g. 'roles'. Without specifying a custom claim name
the default claims to be used still remains to the well known ones.
This way the authorities can be mapped according to customized
token claims.

Fixes gh-7100
kostya05983 pushed a commit to kostya05983/spring-security that referenced this issue Aug 26, 2019
@andifalk @kostya05983
Add setter for authorities claim name in JwtGrantedAuthoritiesConverter
ff78175 
Prior to this change authorities are always mapped using well known
claim names ('scope' or 'scp'). To change this default behaviour the
converter had to be replaced completely with a custom one.
This commit adds an additional setter to configure a custom
claim name like e.g. 'roles'. Without specifying a custom claim name
the default claims to be used still remains to the well known ones.
This way the authorities can be mapped according to customized
token claims.

Fixes spring-projectsgh-7100
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.0.RC1
Development

Successfully merging a pull request may close this issue.

Add setter for authorities claim name in JwtGrantedAuthoritiesConverter andifalk/spring-security
2 participants
@andifalk @jzheaux