
Provide ability to customize claims in Jwt Client Assertion #9855

@christophejan

Currently the Spring Security OAuth 2.0 client uses the provider details token URI as the value for the JWT aud claim of the assertion in OAuth 2.0 Client Authentication.

RFC 7523 says:

The token endpoint URL of the authorization server MAY be used as a value for an "aud" element to identify the authorization server as an intended audience of the JWT.

The RFC says may, not must. I would like to be able to use another value (I have to call an OAuth 2 server that requires a value different from the token URL).

The current Spring Security behavior is provided by NimbusJwtClientAuthenticationParametersConverter. Overriding its behavior requires copying and pasting hundreds of lines, as it's a final class and it uses many package-private classes.

Related gh-9208

Labels

in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: enhancement (A general enhancement)
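As an added illustration (not part of the original issue and not Spring Security code), the Python example below builds an RFC 7523 client assertion with a caller-chosen `aud` and verifies it on a server that requires a value other than its token URL, so the token-URL audience is rejected while the custom one is accepted. The URLs, client id, secret and function names are constructed for the example, and HS256 with a shared secret is an assumption.

```python
import base64, hashlib, hmac, json, time, uuid

# Constructed sample values (assumptions, not taken from the issue).
TOKEN_URI = "https://as.example.test/oauth2/token"
REQUIRED_AUD = "https://as.example.test"  # what this hypothetical server demands
CLIENT_ID, SECRET, NOW = "demo-client", b"constructed-demo-secret-0123456789ab", 1_700_000_000

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def build_client_assertion(client_id, secret, audience, now, lifetime=60):
    """Client side: HS256 assertion whose aud is a parameter, not fixed to the token URI."""
    claims = {"iss": client_id, "sub": client_id, "aud": audience,
              "iat": now, "exp": now + lifetime, "jti": str(uuid.uuid4())}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in ({"alg": "HS256"}, claims))
    return signing_input + "." + _b64(_sign(secret, signing_input))

def verify_client_assertion(token, secret, accepted_audiences, now):
    """Authorization-server side: returns (accepted, reason)."""
    try:
        h, c, s = token.split(".")
        header, claims, sig = json.loads(_unb64(h)), json.loads(_unb64(c)), _unb64(s)
        alg, exp, aud = header.get("alg"), claims.get("exp"), claims.get("aud")
    except (ValueError, AttributeError):  # wrong part count, bad base64/JSON, non-object
        return False, "malformed"
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        return False, "unexpected alg"
    if not hmac.compare_digest(sig, _sign(secret, f"{h}.{c}")):
        return False, "bad signature"
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    aud = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if not any(a in accepted_audiences for a in aud):
        return False, "audience not accepted"
    return True, "ok"

def demo():
    """Same client, same key: only the aud value decides acceptance."""
    return [verify_client_assertion(build_client_assertion(CLIENT_ID, SECRET, a, NOW),
                                    SECRET, [REQUIRED_AUD], NOW) for a in (TOKEN_URI, REQUIRED_AUD)]

if __name__ == "__main__": print(demo())
```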
