-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simplify adding an authentication validator #1003
Comments
We don't want to expose
I wouldn't qualify it as verbose as
FYI, the general API For now, I'll leave this issue open and we may address this at a later point. |
Hi @jgrandja, Thanks for taking the time to reply. Perhaps an initial compromise could be access to the default validation chain currently defined by OAuth2AuthorizationCodeRequestAuthenticationValidator#authenticationValidator. So appending instead would look something like
That way it would be possible to utilize the default validation as-is while it evolves over time, eliminating the need for users of additional validation to manually attempt to remember to check/determine if a new version of the spring-authorization-server warrants the need for changes in a particular code-base 🤓 |
@dlehammer I'm not sure I want to expose I think a static factory method could work, where the provided validator(s) are simply appended to the defaults. Would you be interested in submitting a PR for this? |
Hi @jgrandja, Thanks for taking the time to reply. Regarding
I've thought about it, and the only thing preventing me is that I'm unsure what would be an acceptable approach. Also i noticed #884 that seems like a closely related issue :) |
@dlehammer We just released |
Hi spring-authorization-server gurus,
I'm probably holding it wrong, but here goes :)
Expected Behavior
Appending additional validation supplementing the default validation should be a 1st class citizen, preferably via the composite pattern or similar abstraction.
I suggest that appending custom validation should be as easy as invoking a add-method during configuration.
Current Behavior
The documentation outlines a way to override some default validation, while simultaneously being rather verbose.
While the current support as outlined in the documentation is cumbersome and maintainer unfriendly, it's sufficient for overriding some default validation, it's also brittle as the overrider must explicit maintain the validation chain (
...andThen(..
) going forward.Context
In-order to append custom validation, I've accumulated an undesired responsibility for maintaining a mirror of the default validation-chain.
Append custom validation, while preserving the default validation as-is.
The OAuth2AuthorizationEndpointConfigurer.addAuthorizationCodeRequestAuthenticationValidator(..), unfortunately it's unreachable outside the package and prepends the validator.
Unfortunately no :/
The text was updated successfully, but these errors were encountered: