Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose getter for nameAttributeKey in OAuth2AuthenticatedPrincipal #16003

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

andreblanke
Copy link

Given a DefaultOidcUser or DefaultOAuth2User, it is currently not possible to create a faithful copy of the instance since the constructors require a nameAttributeKey for the all-arg constructor:

public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
		String nameAttributeKey)
public DefaultOAuth2User(Collection<? extends GrantedAuthority> authorities, Map<String, Object> attributes,
		String nameAttributeKey)

which is not accessible.

This issue has been mentioned before in #14461 (comment) where a custom ExtendedOidcUser decorator class is used to work around it. While that works, I feel that this should be possible without introducing a separate class using just the public API.

The PR aims to change this by adding the OAuth2AuthenticatedPrincipal.getNameAttributeKey method in 464b078. This is a breaking change for classes implementing the interface.

With the nameAttributeKey now available from within the interface, I figured it also makes sense to provide a default implementation for OAuth2AuthenticatedPrincipal.getName in c7bcf86.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Oct 26, 2024
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @andreblanke! I've left some feedback inline.

@@ -64,7 +64,7 @@ public DefaultOAuth2AuthenticatedPrincipal(String name, Map<String, Object> attr
this.attributes = Collections.unmodifiableMap(attributes);
this.authorities = (authorities != null) ? Collections.unmodifiableCollection(authorities)
: AuthorityUtils.NO_AUTHORITIES;
this.name = (name != null) ? name : (String) this.attributes.get("sub");
this.name = (name != null) ? name : OAuth2AuthenticatedPrincipal.super.getName();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's please leave this as-is.

@@ -81,6 +81,11 @@ public Collection<? extends GrantedAuthority> getAuthorities() {
return this.authorities;
}

@Override
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if we instead added a constructor that took the String name instead of the attribute key? Then, we could simply deprecate the nameAttributeKey constructor and have it call the new constructor? In that case, this method and the interface method would go away.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At that point, we'd also want to update production files to use the new constructor (that is, tests can stay the same).

@jzheaux jzheaux self-assigned this Nov 1, 2024
@jzheaux jzheaux added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels Nov 1, 2024
@jzheaux
Copy link
Contributor

jzheaux commented Nov 21, 2024

Hi, @andreblanke! Are you able to make the requested changes? No rush, if I don't hear from you in about a week, I'm happy to make the changes myself.

@jzheaux jzheaux added this to the 6.5.x milestone Nov 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants