Simplify at+jwt validation #18381

@jzheaux

at+jwt validation was added in 6.x, and it would be nice if this were the simplest validation method to add, given that it is a standard for JWT validation.

Some ways to achieve this are:

  • Add Nimbus(Reactive)JwtDecoder builders that adhere to RFC 9068
  • Add Nimbus(Reactive)AtJwtDecoder implementations that adhere to RFC 9068

This may require deprecating Nimbus(Reactive)JwtDecoder or some of their builders.

The DSL should also be considered. Perhaps something like:

oauth2ResourceServer((oauth2) -> oauth2
    .atJwt()
        .issuer(...)
        .audience(...)
)

Note that this ticket remains a work in progress and is not ideal for contribution at this time.
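
For readers who want to see which checks "adhering to RFC 9068" involves, here is an added example (not code from this issue or from Spring Security) of a validator for the `typ` header and the claims RFC 9068 marks as required. The class name `Rfc9068ClaimsValidator` and its constructor parameters are hypothetical; it assumes the token's signature has already been verified and that expiry is checked by a separate timestamp validator.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;

// Hypothetical class: RFC 9068 header and claim checks on an already-decoded Jwt.
public final class Rfc9068ClaimsValidator implements OAuth2TokenValidator<Jwt> {

    // Claims RFC 9068 section 2.2 marks as REQUIRED.
    private static final List<String> REQUIRED =
            List.of("iss", "exp", "aud", "sub", "client_id", "iat", "jti");

    private final String issuer;   // expected authorization server (assumption: exact string match)
    private final String audience; // identifier of this resource server

    public Rfc9068ClaimsValidator(String issuer, String audience) {
        this.issuer = issuer;
        this.audience = audience;
    }

    @Override
    public OAuth2TokenValidatorResult validate(Jwt jwt) {
        List<OAuth2Error> errors = new ArrayList<>();
        // The typ header must be at+jwt or application/at+jwt; a missing typ fails too.
        Object typ = jwt.getHeaders().get("typ");
        String type = (typ != null) ? typ.toString() : "";
        if (!type.equalsIgnoreCase("at+jwt") && !type.equalsIgnoreCase("application/at+jwt")) {
            errors.add(invalid("typ header must be at+jwt"));
        }
        for (String claim : REQUIRED) {
            if (!jwt.hasClaim(claim)) {
                errors.add(invalid("missing required claim: " + claim));
            }
        }
        if (!this.issuer.equals(jwt.getClaimAsString("iss"))) {
            errors.add(invalid("iss does not match the expected issuer"));
        }
        List<String> aud = jwt.getAudience();
        if (aud == null || !aud.contains(this.audience)) {
            errors.add(invalid("aud does not contain this resource server"));
        }
        return errors.isEmpty() ? OAuth2TokenValidatorResult.success()
                : OAuth2TokenValidatorResult.failure(errors);
    }

    private static OAuth2Error invalid(String description) {
        return new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, description, null);
    }
}
```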

Labels

  • for: team-attention - This ticket should be discussed as a team before proceeding
  • in: oauth2 - An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
  • type: enhancement - A general enhancement
