Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth2IntrospectionAuthenticationToken should be marked as @Transient #6829

Closed
jzheaux opened this issue May 1, 2019 · 3 comments · Fixed by #6918
Closed

OAuth2IntrospectionAuthenticationToken should be marked as @Transient #6829

jzheaux opened this issue May 1, 2019 · 3 comments · Fixed by #6918
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone
5.2.0.M3

Comments

@jzheaux
Copy link
Contributor

jzheaux commented May 1, 2019

By default, Resource Server should be stateless. This is achieved in its JWT support via the @Transient annotation:

@Transient
public class JwtAuthenticationToken

For introspection, it would be better if OAuth2IntrospectionAuthenticationToken did the same thing:

@Transient
public class OAuth2IntrospectionAuthenticationToken

It'd also be good to add a test to confirm that by default no session is created when an app is configured for introspection.
@jzheaux jzheaux added this to the 5.2.0.M3 milestone May 1, 2019
@jzheaux jzheaux added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: first-timers-only An issue that can only be worked on by brand new contributors labels May 1, 2019
@huytn12
Copy link

huytn12 commented May 2, 2019

I can help you with this

@jzheaux
Copy link
Contributor Author

jzheaux commented May 2, 2019

Awesome, @huytn12. It's yours!

@jzheaux jzheaux removed the status: first-timers-only An issue that can only be worked on by brand new contributors label May 2, 2019
@jzheaux jzheaux self-assigned this May 2, 2019
@jzheaux jzheaux mentioned this issue May 20, 2019
Closed
florian42 added a commit to florian42/spring-security that referenced this issue May 29, 2019
@florian42
Add @transient to OAuth2IntrospectionAuthenticationToken
bc2f946 
fixes spring-projectsgh-6829
@florian42 florian42 mentioned this issue May 29, 2019
Merged
@florian42
Copy link
Contributor

Submitted PR for review: #6918

jzheaux pushed a commit that referenced this issue May 29, 2019
@florian42 @jzheaux
Add @transient to OAuth2IntrospectionAuthenticationToken
9fe8949 
fixes gh-6829
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.0.M3
Development

Successfully merging a pull request may close this issue.

Add @transient to OAuth2IntrospectionAuthenticationToken florian42/spring-security
2 participants
@jzheaux @florian42