Resource Server - Multi-Tenant Jwt Decoder by Issuer #6817
Conversation
| jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json | ||
| multi-tenant-jwt: |
There was a problem hiding this comment.
I did not have mock server that supports JWTs with iss claims hence have put these as sample. They need not necessarily support JWT access tokens with iss claim in it. Please suggest how to use mock JWTs here w/ iss claim
| private String parseAndFindIssuer(String token) { | ||
| try { | ||
| Base64URL[] parts = JOSEObject.split(token); | ||
| JSONObject payload = JSONObjectUtils.parse(parts[1].decodeToString()); |
There was a problem hiding this comment.
Unfortunately this parsing is repeated again when NimbusJwtDecoder is invoked. If we limit this delegates to NimbusJwtDecoder and refactor the these two class we may be able to avoid double parsing.
|
Alternate approach to avoid double parsing is NimbusJwtMultiTenantDecoder.java with refactored NimbusJwtDecoder.java Furthermore we should be able to specify validator and converter beans for respective decoder in config (either by name or type). spring.security.oauth2.resourceserver:
multi-tenant-jwt:
-
issuer-uri: "https://mockwebserver.com/"
jwk-set-uri: ${mockwebserver.url}/.well-known/jwks.json
converter-bean-name: "mockwebserverJwtConverter"
validator-bean-name: "mockwebserverJwtValidator"
-
issuer-uri: "https://some-domain.com/"
public-key: "${some-domain.public-key}"
converter-bean-name: "someDomainJwtConverter"
validator-bean-name: "someDomainJwtValidator"
|
jzheaux
added
the
for: team-attention
jzheaux
removed
the
for: team-attention
spring-projects-issues
added
the
status: waiting-for-triage
|
Closing in favor of #6778 (comment) so the JWT is not parsed multiple times. |
Resolves issue #6778 : Resource Server - Multi-Tenant Jwt Decoder by Issuer