Support token relay clientRegistrationId on properties #3751
Conversation
| // The filter extracts an OAuth2 access token from the currently authenticated user for the provided `clientRegistrationId`. | ||
| // If no `clientRegistrationId` is provided, | ||
| The currently authenticated user's own access token (obtained during login) is used and the extracted access token is placed in a request header for the downstream requests. | ||
| The filter extracts an OAuth2 access token from the currently authenticated user for the provided `clientRegistrationId`. |
There was a problem hiding this comment.
Just to be clear this functionality was already present but the documentation for it was commented out?
There was a problem hiding this comment.
It's not just the documentation. It seems that, this feature was included as part of the initial filter BUT, is not working. With this PR i'm reenabling the TokenRealy filter through properties, and uncomment the related documentation.
There was a problem hiding this comment.
Could you add a test to confirm it is now working?
There was a problem hiding this comment.
I'm sorry, but i don't see an example to test filter functions through properties in gateway-server-mvc to take as base, and my knowledge is limited at this point.
A manual test with properties like these:
spring:
cloud:
gateway:
mvc:
routes:
- id: token_relay_test
uri: https://examplel1.com
filters:
- TokenRelay=relay
security:
oauth2:
client:
provider:
relay:
jwk-set-uri: https://localhost:8080/context/path/jwk
issuer-uri: https://localhost:8080/context/path/issuer
registration:
relay:
provider: relay
client-authentication-method: client_secret_post
authorization-grant-type: client_credentials
client-id: someClientId
client-secret: someClientSecret
works perfectly using it in a complete spring boot application.
If someone could create a specific test for this, I would be grateful.
There was a problem hiding this comment.
@jaimesf I have spent some time and added a test to your PR to test this, see this class https://github.com/spring-cloud/spring-cloud-gateway/pull/3751/files#diff-b6a9d0f37208e4836a1687c1714f1ea8058daca82bd634b88237aef65c70bdf8
Unfortunately to do this I had to make several other changes because Spring Security is on the classpath. In addition once Spring Security was on the classpath it revealed a completely unrelated bug which I documented here #3816
|
Could you please sign your commit so the DCO check will pass? |
Signed-off-by: Jaime Sánchez <[email protected]>
jaimesf
force-pushed
the
support-client-registration-id-token-relay
branch
from
441e920 to
3bc2267
Compare
...vc/src/test/java/org/springframework/cloud/gateway/server/mvc/ServerMvcIntegrationTests.java
Outdated
Show resolved
Hide resolved
...vc/src/test/java/org/springframework/cloud/gateway/server/mvc/ServerMvcIntegrationTests.java
Outdated
Show resolved
Hide resolved
...vc/src/test/java/org/springframework/cloud/gateway/server/mvc/ServerMvcIntegrationTests.java
Outdated
Show resolved
Hide resolved
ryanjbaxter
force-pushed
the
support-client-registration-id-token-relay
branch
from
e1c9f0a to
18048a0
Compare
ryanjbaxter
force-pushed
the
support-client-registration-id-token-relay
branch
from
18048a0 to
03b0f4e
Compare
Support token relay clientRegistrationId on properties
The current code supports clientRegistrationId via Java filter.
Just added Shorcut annotation and update docs.
Thank you