Consider aligning OAuth 2.0 Access Token Response parsing in BodyExtractor #16001
Labels:
- in: oauth2 (an issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
- type: enhancement (a general enhancement)
For reactive applications, the default implementation of `BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage>` used by `AbstractWebClientReactiveOAuth2AccessTokenResponseClient` is `OAuth2BodyExtractors.oauth2AccessTokenResponse()`. It uses Nimbus to parse an OAuth 2.0 Access Token Response.

The Nimbus implementation determines if the response is success or failure based solely on parameters in the response. By contrast, for servlet applications, a `RestTemplate` or `RestClient` uses an error handler that is invoked based on the HTTP status code of the response. This means that handling of an OAuth 2.0 Error Response in particular is not aligned between the two stacks. It would be nice if we could align error handling. Further, on the reactive side, parsing is tied into error handling and applications that wish to customize one must customize both in an inconsistent way.

We could also consider re-using the parsing logic from the servlet stack in the `BodyExtractor` for reactive:

- `DefaultMapOAuth2AccessTokenResponseConverter` can be re-used for converting response parameters to an `OAuth2AccessTokenResponse`
- `OAuth2ErrorConverter` (currently a private inner class of `OAuth2ErrorHttpMessageConverter`) can be re-used for converting error parameters to an `OAuth2Error`
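An added example, not part of the original issue and not Spring Security or Nimbus code: a simplified Python model of the two strategies the issue contrasts (classifying a token response by its parameters versus by its HTTP status), run over constructed responses to show where they disagree. The function names, result labels and the `unspecified` fallback are assumptions made for illustration.

```python
import json

# Constructed (status, body) token-endpoint responses; not captured traffic.
SAMPLES = {
    "success": (200, '{"access_token":"constructed-token","token_type":"Bearer"}'),
    "oauth_error": (400, '{"error":"invalid_grant"}'),
    "error_without_code": (400, '{"message":"bad request"}'),
    "error_in_200": (200, '{"error":"invalid_client"}'),
    "gateway_html": (502, "<html>Bad Gateway</html>"),
}

def _params(body):
    """Return the body as a dict of parameters, or None if it is not a JSON object."""
    try:
        obj = json.loads(body)
    except ValueError:
        return None
    return obj if isinstance(obj, dict) else None

def _by_params(params):
    """Decide success or failure from the parameters alone."""
    if params is None:
        return "unparseable"
    if "error" in params:
        return "oauth_error:" + str(params["error"])
    return "success" if "access_token" in params else "malformed"

def classify_by_parameters(status, body):
    """Model of parameter-driven handling: the HTTP status is never consulted."""
    return _by_params(_params(body))

def classify_by_status(status, body):
    """Model of status-driven handling: an error handler runs on any 4xx/5xx."""
    if status >= 400:
        params = _params(body) or {}
        # Assumed fallback label when the error body carries no `error` parameter.
        return "oauth_error:" + str(params.get("error", "unspecified"))
    result = _by_params(_params(body))
    # A 2xx body is only ever parsed as a success response in this model.
    return "malformed" if result.startswith("oauth_error:") else result

def divergences(samples=SAMPLES):
    """Names of the samples the two strategies classify differently."""
    return [name for name, (status, body) in samples.items()
            if classify_by_parameters(status, body) != classify_by_status(status, body)]

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(name, classify_by_parameters(status, body), classify_by_status(status, body))
```

The two models agree on well-formed success and error responses and differ only on the edge cases: an error status without an `error` parameter, an `error` parameter under a 2xx status, and a non-JSON error body.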