Improve ClaimAccessor and externalize coercion #6245
Labels
in: oauth2
An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: enhancement
A general enhancement
Milestone
The methods in
ClaimAccessor
attempt to coerce a mapped value ofObject
to a specific type, for example:getClaimAsBoolean
getClaimAsInstant
getClaimAsURL
The coercion happens on each
get
which is not ideal. It would be more efficient if the coercion happened once and before theMap<String, Object>
of claims is associated to the specific type ofClaimAccessor
implementation at construction time. This change would apply toOidcIdToken
,OidcUserInfo
, andJwt
.This capability is already implemented by
MappedJwtClaimSetConverter
, which is used byNimbusJwtDecoder
to normalize the claims before it's associated to theJwt
.We should reuse/share the logic in
MappedJwtClaimSetConverter
as part of this task. For example, theConverter
implementations inMappedJwtClaimSetConverter
should be reused.The text was updated successfully, but these errors were encountered: