-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose getter for nameAttributeKey in OAuth2AuthenticatedPrincipal #16003
base: main
Are you sure you want to change the base?
Expose getter for nameAttributeKey in OAuth2AuthenticatedPrincipal #16003
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, @andreblanke! I've left some feedback inline.
@@ -64,7 +64,7 @@ public DefaultOAuth2AuthenticatedPrincipal(String name, Map<String, Object> attr | |||
this.attributes = Collections.unmodifiableMap(attributes); | |||
this.authorities = (authorities != null) ? Collections.unmodifiableCollection(authorities) | |||
: AuthorityUtils.NO_AUTHORITIES; | |||
this.name = (name != null) ? name : (String) this.attributes.get("sub"); | |||
this.name = (name != null) ? name : OAuth2AuthenticatedPrincipal.super.getName(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's please leave this as-is.
@@ -81,6 +81,11 @@ public Collection<? extends GrantedAuthority> getAuthorities() { | |||
return this.authorities; | |||
} | |||
|
|||
@Override |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if we instead added a constructor that took the String name
instead of the attribute key? Then, we could simply deprecate the nameAttributeKey
constructor and have it call the new constructor? In that case, this method and the interface method would go away.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At that point, we'd also want to update production files to use the new constructor (that is, tests can stay the same).
Hi, @andreblanke! Are you able to make the requested changes? No rush, if I don't hear from you in about a week, I'm happy to make the changes myself. |
Given a
DefaultOidcUser
orDefaultOAuth2User
, it is currently not possible to create a faithful copy of the instance since the constructors require anameAttributeKey
for the all-arg constructor:which is not accessible.
This issue has been mentioned before in #14461 (comment) where a custom
ExtendedOidcUser
decorator class is used to work around it. While that works, I feel that this should be possible without introducing a separate class using just the public API.The PR aims to change this by adding the
OAuth2AuthenticatedPrincipal.getNameAttributeKey
method in 464b078. This is a breaking change for classes implementing the interface.With the
nameAttributeKey
now available from within the interface, I figured it also makes sense to provide a default implementation forOAuth2AuthenticatedPrincipal.getName
in c7bcf86.