Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove dependency on oauth2-oidc-sdk inside NimbusOpaqueTokenIntrospector #16634

Closed
wants to merge 10 commits into from
Closed

Remove dependency on oauth2-oidc-sdk inside NimbusOpaqueTokenIntrospector #16634

wants to merge 10 commits into from

Conversation

asvanberg
Copy link

NimbusOpaqueTokenIntrospector now delegates to SpringOpaqueTokenIntrospector.

Required a lot of test changes since they are all mock-based relying on the implementation calling a specific method in the RestOperations interface and the two implementations differ in which method they call even though they are functionally the same. Tests were changed to use a MockWebServer and make real HTTP requests to enable the internals to be freely refactored.

One step of gh-14245

@asvanberg
Migrate OpaqueTokenDslTests
d5f38dc 
Signed-off-by: Andreas Svanberg <[email protected]>
@asvanberg
Improve brittle tests using opaque token introspection
de5347a 
The tests that went through opaque token introspection rely on mocking
a specific method in the RestOperations interface which is very brittle
and hampers the ability to refactor internals.

They are changed to instead make actual HTTP requests to a MockWebServer
instead allowing refactoring changes. This is necessary to allow the
implementation to be swapped from NimbusOpaqueTokenIntrospector to
SpringOpaqueTokenIntrospector because the latter uses
RestOperations#exchange(String, ParameterizedType) instead of
RestOperations#exchange(String, String) of the former.

Signed-off-by: Andreas Svanberg <[email protected]>
@asvanberg
Migrate OAuth2ResourceServerConfigurerTests
270df71 
Signed-off-by: Andreas Svanberg <[email protected]>
@asvanberg
Improve brittle tests using opaque token introspection
d8ae8b3 
The tests that went through opaque token introspection rely on mocking
a specific method in the RestOperations interface which is very brittle
and hampers the ability to refactor internals.

They are changed to instead make actual HTTP requests to a MockWebServer
instead allowing refactoring changes. This is necessary to allow the
implementation to be swapped from NimbusOpaqueTokenIntrospector to
SpringOpaqueTokenIntrospector because the latter uses
RestOperations#exchange(String, ParameterizedType) instead of
RestOperations#exchange(String, String) of the former.

Signed-off-by: Andreas Svanberg <[email protected]>
@asvanberg
Migrate OAuth2ResourceServerBeanDefinitionParser
7986da1 
Signed-off-by: Andreas Svanberg <[email protected]>
@asvanberg
Change doc to reference SpringOpaqueTokenIntrospector
446c7a0 
Signed-off-by: Andreas Svanberg <[email protected]>
@asvanberg
Improve brittle tests relying on implementation details
b466ac9 
They require the implementation to call a specific method on the
RestOperations interface. Change to use a MockWebServer to allow
refactoring without the tests breaking.

Signed-off-by: Andreas Svanberg <[email protected]>
@asvanberg
Remove lying test
b69054d 
There is no verification of issuer at all. The only reason the test
still "passes" is because the JSON response has the active attribute
as the JSON string "true" rather than the boolean true which is not
accepted.

Choose to remove the test rather than adding issuer verification since
the class is deprecated and will most likely be removed in a future
release.

Signed-off-by: Andreas Svanberg <[email protected]>
@asvanberg
Remove Nimbus introspector reliance on oauth2-oidc-sdk
fb89286 
Signed-off-by: Andreas Svanberg <[email protected]>
@asvanberg
Update copyright year
e2c8302 
Signed-off-by: Andreas Svanberg <[email protected]>
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Feb 23, 2025
@jzheaux
Copy link
Contributor

jzheaux commented Feb 24, 2025

Thanks for the PR, @asvanberg, however NimbusOpaqueTokenIntrospector will be removed in 7, and that would be the earliest that oauth2-oidc-sdk is removed. Because of that there won't exist a time when we remove oauth2-oidc-sdk and still have NimbusOpaqueTokenIntrospector around. Indeed, the opposite will likely be true. Because of that, refactoring the Nimbus implementation likely doesn't buy anything for us at this point.

@jzheaux jzheaux closed this Feb 24, 2025
@jzheaux jzheaux added type: enhancement A general enhancement status: declined A suggestion or change that we don't feel we should currently apply in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Feb 24, 2025
@jzheaux jzheaux self-assigned this Feb 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: declined A suggestion or change that we don't feel we should currently apply type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@asvanberg @jzheaux @spring-projects-issues