Removed OidcIdTokenDecoderFactory jwtDecoders cache from OidcIdTokenDecoderFactory and ReactiveOidcIdTokenDecoderFactory

iigolovko · iigolovko · commit 6973519ad411 · 2025-08-12T19:30:26.000+03:00
Signed-off-by: iigolovko &lt;iigolovko@ginc-it.ru&gt;
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java
@@ -23,7 +23,6 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Function;
 
 import javax.crypto.spec.SecretKeySpec;
@@ -58,7 +57,6 @@
  * @author Joe Grandja
  * @author Rafael Dominguez
  * @author Mark Heckler
- * @author Ivan Golovko
  * @since 5.2
  * @see JwtDecoderFactory
  * @see ClientRegistration
@@ -79,8 +77,6 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 
 	private static final ClaimTypeConverter DEFAULT_CLAIM_TYPE_CONVERTER = createDefaultClaimTypeConverter();
 
-	private final Map<String, JwtDecoder> jwtDecoders;
-
 	private Function<ClientRegistration, OAuth2TokenValidator<Jwt>> jwtValidatorFactory = new DefaultOidcIdTokenValidatorFactory();
 
 	private Function<ClientRegistration, JwsAlgorithm> jwsAlgorithmResolver = (
@@ -89,19 +85,6 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = (
 			clientRegistration) -> DEFAULT_CLAIM_TYPE_CONVERTER;
 
-	public OidcIdTokenDecoderFactory() {
-		this(true);
-	}
-
-	public OidcIdTokenDecoderFactory(boolean withCache) {
-		if (withCache) {
-			this.jwtDecoders = new ConcurrentHashMap<>();
-		}
-		else {
-			this.jwtDecoders = null;
-		}
-	}
-
 	/**
 	 * Returns the default {@link Converter}'s used for type conversion of claim values
 	 * for an {@link OidcIdToken}.
@@ -149,16 +132,7 @@ public static ClaimTypeConverter createDefaultClaimTypeConverter() {
 	@Override
 	public JwtDecoder createDecoder(ClientRegistration clientRegistration) {
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
-		if (this.jwtDecoders != null) {
-			return this.jwtDecoders.computeIfAbsent(clientRegistration.getRegistrationId(),
-					(key) -> createFreshDecoder(clientRegistration));
-		}
-		else {
-			return createFreshDecoder(clientRegistration);
-		}
-	}
 
-	private JwtDecoder createFreshDecoder(ClientRegistration clientRegistration) {
 		NimbusJwtDecoder jwtDecoder = buildDecoder(clientRegistration);
 		jwtDecoder.setJwtValidator(this.jwtValidatorFactory.apply(clientRegistration));
 		Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter = this.claimTypeConverterFactory
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java
@@ -23,7 +23,6 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Function;
 
 import javax.crypto.spec.SecretKeySpec;
@@ -59,7 +58,6 @@
  * @author Rafael Dominguez
  * @author Mark Heckler
  * @author Ubaid ur Rehman
- * @author Ivan Golovko
  * @since 5.2
  * @see ReactiveJwtDecoderFactory
  * @see ClientRegistration
@@ -81,8 +79,6 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 	private static final ClaimTypeConverter DEFAULT_CLAIM_TYPE_CONVERTER = new ClaimTypeConverter(
 			createDefaultClaimTypeConverters());
 
-	private final Map<String, ReactiveJwtDecoder> jwtDecoders;
-
 	private Function<ClientRegistration, OAuth2TokenValidator<Jwt>> jwtValidatorFactory = new DefaultOidcIdTokenValidatorFactory();
 
 	private Function<ClientRegistration, JwsAlgorithm> jwsAlgorithmResolver = (
@@ -91,19 +87,6 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 	private Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>> claimTypeConverterFactory = (
 			clientRegistration) -> DEFAULT_CLAIM_TYPE_CONVERTER;
 
-	public ReactiveOidcIdTokenDecoderFactory() {
-		this(true);
-	}
-
-	public ReactiveOidcIdTokenDecoderFactory(boolean withCache) {
-		if (withCache) {
-			this.jwtDecoders = new ConcurrentHashMap<>();
-		}
-		else {
-			this.jwtDecoders = null;
-		}
-	}
-
 	/**
 	 * Returns the default {@link Converter}'s used for type conversion of claim values
 	 * for an {@link OidcIdToken}.
@@ -140,16 +123,6 @@ public ReactiveOidcIdTokenDecoderFactory(boolean withCache) {
 	@Override
 	public ReactiveJwtDecoder createDecoder(ClientRegistration clientRegistration) {
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
-		if (this.jwtDecoders != null) {
-			return this.jwtDecoders.computeIfAbsent(clientRegistration.getRegistrationId(),
-					(key) -> createFreshDecoder(clientRegistration));
-		}
-		else {
-			return createFreshDecoder(clientRegistration);
-		}
-	}
-
-	private ReactiveJwtDecoder createFreshDecoder(ClientRegistration clientRegistration) {
 		NimbusReactiveJwtDecoder jwtDecoder = buildDecoder(clientRegistration);
 		jwtDecoder.setJwtValidator(this.jwtValidatorFactory.apply(clientRegistration));
 		Converter<Map<String, Object>, Map<String, Object>> claimTypeConverter = this.claimTypeConverterFactory
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactoryTests.java
@@ -179,17 +179,9 @@ public void createDecoderWhenCustomClaimTypeConverterFactorySetThenApplied() {
 		verify(customClaimTypeConverterFactory).apply(same(clientRegistration));
 	}
 
-	@Test
-	public void createDecoderTwiceWithCaching() {
-		ClientRegistration clientRegistration = this.registration.build();
-		JwtDecoder decoder1 = this.idTokenDecoderFactory.createDecoder(clientRegistration);
-		JwtDecoder decoder2 = this.idTokenDecoderFactory.createDecoder(clientRegistration);
-		assertThat(decoder1).isSameAs(decoder2);
-	}
-
 	@Test
 	public void createDecoderTwiceWithoutCaching() {
-		this.idTokenDecoderFactory = new OidcIdTokenDecoderFactory(false);
+		this.idTokenDecoderFactory = new OidcIdTokenDecoderFactory();
 		ClientRegistration clientRegistration = this.registration.build();
 		JwtDecoder decoder1 = this.idTokenDecoderFactory.createDecoder(clientRegistration);
 		JwtDecoder decoder2 = this.idTokenDecoderFactory.createDecoder(clientRegistration);
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactoryTests.java
@@ -180,16 +180,8 @@ public void createDecoderWhenCustomClaimTypeConverterFactorySetThenApplied() {
 	}
 
 	@Test
-	public void createDecoderTwiceWithCaching() {
-		ClientRegistration clientRegistration = this.registration.build();
-		ReactiveJwtDecoder decoder1 = this.idTokenDecoderFactory.createDecoder(clientRegistration);
-		ReactiveJwtDecoder decoder2 = this.idTokenDecoderFactory.createDecoder(clientRegistration);
-		assertThat(decoder1).isSameAs(decoder2);
-	}
-
-	@Test
-	public void createDecoderTwiceWithoutCaching() {
-		this.idTokenDecoderFactory = new ReactiveOidcIdTokenDecoderFactory(false);
+	public void createDecoderTwice() {
+		this.idTokenDecoderFactory = new ReactiveOidcIdTokenDecoderFactory();
 		ClientRegistration clientRegistration = this.registration.build();
 		ReactiveJwtDecoder decoder1 = this.idTokenDecoderFactory.createDecoder(clientRegistration);
 		ReactiveJwtDecoder decoder2 = this.idTokenDecoderFactory.createDecoder(clientRegistration);
