Allow custom header during bearer token extraction #8341
Conversation
spring-projects-issues
added
the
status: waiting-for-triage
There was a problem hiding this comment.
Thanks, @TJReinert! I've left some feedback inline.
Also, could you make the same changes to DefaultBearerTokenResolver on the servlet side?
...ork/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
Outdated
Show resolved
Hide resolved
...ork/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
Outdated
Show resolved
Hide resolved
...ork/security/oauth2/server/resource/web/server/ServerBearerTokenAuthenticationConverter.java
Outdated
Show resolved
Hide resolved
jzheaux
added
in: oauth2
Added ability to specify the header that ServerBearerTokenAuthenticationConverter and DefaultBearerTokenResolver use to extract a Bearer Token. Fixes spring-projectsgh-8337
|
The CONTRIBUTING doc asked that we squash commits, does that include future changes? |
|
Looks good, @TJReinert! I'm going to add some documentation around your change, and then I think we'll be ready to merge. I don't think I understand your question about future changes, though. Could you elaborate? |
|
Apologies, must be losing my mind near end of day. I saw that it is asked that we squish our changes. Does that just apply to the 'initial' commit for the pull request? Or should all changes that are the result of a code review also be squished into a single commit. (Causing the need for a force push and comments on the PR to be unattached to a commit). |
|
Ah, @TJReinert, I see. Yes, it's usually the latter. It's preferred to minimize PR commits to simplify backporting. We aren't backporting in this case, but it's still good hygiene and makes the commit history easier to follow. |
|
@TJReinert, thanks again! This is now merged into |
Added ability to specify the header that the
ServerBearerTokenAuthenticationConverter uses to
extract a Bearer Token.
Fixes gh-8337