using spring for: OAuth2 AuthN and AuthZ server, (securing) resource server, JWT based accessToken
version: spring-security-oauth2 v2.0.3.RELEASE
The short story
I have done the following:
- Defined a resourceId for a client.
- Defined a resourceId for the resource server.
I expected the resourceId to be set in the (JWT) claim aud, but that step failed.
I found out:
The whole chain fails at the following point: The class org.springframework.security.oauth2.provider.TokenRequest fails to pass through the resourceIds in the method createOAuth2Request(ClientDetails client). null is passed instead of the resourceIds. Look at return new OAuth2Request(modifiable, client.getClientId(), client.getAuthorities(), true, this.getScope(), null, null, null, null);. Because the resourceId is missing in the OAuth2Request, the DefaultAccessTokenConverter does not set the aud claim.
I would suggest passing through client.getResourceIds() instead of null in the TokenRequest class.
Thank you.
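A minimal check for the behaviour described in this report, added here as an example (it is not part of the original report or the project's own code). It assumes spring-security-oauth2 is on the classpath; the client id, resource id, scope and token value are constructed sample values, and `AudClaimCheck` and `audFor` are hypothetical names.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;

import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;

public class AudClaimCheck {

    // Runs the default converter over a client-only authentication for the
    // given request and returns the "aud" entry (null when it was not set).
    static Object audFor(OAuth2Request request) {
        OAuth2Authentication authentication = new OAuth2Authentication(request, null);
        Map<String, ?> claims = new DefaultAccessTokenConverter().convertAccessToken(
                new DefaultOAuth2AccessToken("constructed-token-value"), authentication);
        return claims.get(AccessTokenConverter.AUD);
    }

    public static void main(String[] args) {
        // Constructed client registered for one resource id.
        BaseClientDetails client = new BaseClientDetails(
                "demo-client", "demo-resource", "read", "client_credentials", "ROLE_CLIENT");

        TokenRequest tokenRequest = new TokenRequest(
                Collections.<String, String>emptyMap(), client.getClientId(),
                Arrays.asList("read"), "client_credentials");

        // Path named in the report: the request is built by TokenRequest.
        OAuth2Request viaTokenRequest = tokenRequest.createOAuth2Request(client);

        // Same request, but with the client's resource ids passed explicitly
        // in the sixth constructor argument, as the report suggests.
        OAuth2Request withResourceIds = new OAuth2Request(
                viaTokenRequest.getRequestParameters(), client.getClientId(),
                client.getAuthorities(), true, viaTokenRequest.getScope(),
                client.getResourceIds(), null, null, null);

        System.out.println("aud via TokenRequest: " + audFor(viaTokenRequest));
        System.out.println("aud with resourceIds: " + audFor(withResourceIds));
    }
}
```

If the first line prints no audience while the second prints the client's resource id, the library version in use shows the behaviour reported above.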