Provide custom WebClient and RestOperations to ReactiveJwtDecoders and JwtDecoders #17698

Closed
wants to merge 1 commit into from


thiago-locatelli

While "Customize the WebClient used by OAuth2 Client Components" provides a way to customize the ReactiveOAuth2AccessTokenResponseClient by providing a custom WebClient, Spring Security doesn't provide a clear way to customize the WebClient and RestOperations objects involved in the JWT decode flow of the OAuth2 authentication. This pull includes changes that allow a user to provide a custom WebClient/RestOperations to ReactiveJwtDecoders and JwtDecoders and leverage the already existing internal customizations Spring Security is already doing.

@jzheaux
Contributor

jzheaux commented Aug 13, 2025

Hi, @thiago-locatelli, can you share what you are doing such that NimbusJwtDecoder#withIssuerLocation is insufficient? It returns a builder that allows you to specify a RestOperations.

The main difference between NimbusJwtDecoder#withIssuerLocation and JwtDecoders is that the latter adds the IssuerValidator automatically. Otherwise it is equivalent to:

```java
NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation("https://issuer.example.org")
    // .restOperations(...)
    .build();
jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer("https://issuer.example.org"));
```

@jzheaux jzheaux self-assigned this Aug 13, 2025
@jzheaux jzheaux added status: waiting-for-feedback We need additional information before we can continue type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Aug 13, 2025
@thiago-locatelli
Author

@jzheaux if there are no other differences, then in this case I will close this pull request. Thanks for providing more clarification.
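
An added example, not code from this pull request or from Spring Security: the builder shown in the thread with a `RestTemplate` that has explicit timeouts, plus an offline check of the issuer validator that `JwtDecoders` would otherwise have added. The class name, the timeout values, the token value and the second issuer URL are assumptions made for illustration.

```java
import java.time.Instant;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.web.client.RestTemplate;

public class IssuerLocationDecoderExample {

    // Placeholder issuer, the same example value used in the thread.
    static final String ISSUER = "https://issuer.example.org";

    /** Decoder with a caller-supplied RestOperations plus the issuer check. */
    static NimbusJwtDecoder decoder() {
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
        factory.setConnectTimeout(2_000); // milliseconds; constructed values
        factory.setReadTimeout(2_000);
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withIssuerLocation(ISSUER)
                .restOperations(new RestTemplate(factory))
                .build();
        // The builder does not add the issuer validator; set it explicitly.
        decoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(ISSUER));
        return decoder;
    }

    /** Runs the same validator against a constructed, already-parsed Jwt. */
    static boolean rejected(String iss) {
        Instant now = Instant.now();
        Jwt jwt = Jwt.withTokenValue("constructed-token")
                .header("alg", "RS256")
                .issuer(iss)
                .issuedAt(now)
                .expiresAt(now.plusSeconds(300))
                .build();
        OAuth2TokenValidator<Jwt> validator = JwtValidators.createDefaultWithIssuer(ISSUER);
        return validator.validate(jwt).hasErrors();
    }

    public static void main(String[] args) {
        // The validator check needs no network access or signing keys.
        System.out.println("matching issuer rejected: " + rejected(ISSUER));
        System.out.println("other issuer rejected: " + rejected("https://other.example.org"));
    }
}
```

Omitting the `setJwtValidator` call leaves the decoder without the `iss` comparison, so a validly signed token carrying a different issuer claim would not be rejected on that ground.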
