Skip to content

Add allowIfSubType for URL and Instant in OAuth2ClientJacksonModule#19243

Open
qwerty7878 wants to merge 1 commit into
spring-projects:mainfrom
qwerty7878:fix/oauth2-jackson-module-allow-url-instant
Open

Add allowIfSubType for URL and Instant in OAuth2ClientJacksonModule#19243
qwerty7878 wants to merge 1 commit into
spring-projects:mainfrom
qwerty7878:fix/oauth2-jackson-module-allow-url-instant

Conversation

@qwerty7878
Copy link
Copy Markdown

@qwerty7878 qwerty7878 commented May 30, 2026
edited
Loading

Fixes gh-19241

Problem

OAuth2ClientJacksonModule was missing allowIfSubType entries for java.net.URL and java.time.Instant, causing a SerializationException when deserializing OAuth2 authentication tokens stored in Redis session. The error occurs because OidcIdToken claims contain iss as a URL and iat/exp as Instant, which the PolymorphicTypeValidator denied.

Fix

Added allowIfSubType(URL.class) and allowIfSubType(Instant.class) to configurePolymorphicTypeValidator in OAuth2ClientJacksonModule.

Tests

  • deserializeWhenClaimsContainUrlAndInstantThenDeserializes — verifies that OAuth2AuthenticationToken containing URL and Instant claim types can be serialized and deserialized successfully

@qwerty7878 qwerty7878 force-pushed the fix/oauth2-jackson-module-allow-url-instant branch from 809a078 to fd660f1 Compare May 30, 2026 23:15
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

status: waiting-for-triage An issue we've not yet triaged

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OAuth2ClientJacksonModule is missing allowIfSubType for URL and Instant

2 participants

@qwerty7878 @spring-projects-issues