-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SECAUTH-1483 #640
SECAUTH-1483 #640
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All looking good just couple of points to review 😉
return localScopeAuthorities(jwt, scopes); | ||
} | ||
|
||
protected Collection<GrantedAuthority> localScopeAuthorities(Jwt jwt, Collection<String> scopes) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the jwt seems to be not used in the method, is it required to have it in the argument list?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good finding!
But in this case this protected method is foreseen as "enhancement spot" and app developers may need access to other token claims.
...xsuaa/src/test/java/com/sap/cloud/security/xsuaa/token/TokenAuthenticationConverterTest.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍🏻
In
spring-xsuaa
Before
New
In
spring-security
You can subclass
XsuaaTokenAuthorizationConverter
and overwritelocalScopeAuthorities(Jwt jwt, Collection<String> scopes)
. An example is not yet available.