Max Batischev
Max Batischev
Hi @rwinch, in this issue we need to replace the old jose api with a new one. This is not a very simple issue, for example `JWKSetCache` is now deprecated,...
Additional context: We need an `OpaqueTokenIntrospector` that iterates over multiple `OpaqueTokenIntrospector` and returns the first successful result.
Hi @sjohnr thanks for your feedback! > It is unclear to me whether the delegating implementation is truly needed, because there are likely other cases where both the OpaqueTokenIntrospector and...
> Spring Security has often received feedback that there many ways to do the same thing, and that it's confusing. It always seemed to me that this is a big...
Hi @thomasdarimont. This feature would be very useful. Personally, I feel inconvenienced when I have to write the same code every time to convert authorities. I like the idea of...
@jgrandja Firstly, it would be nice if dpop was optional, now it is always enabled. Secondly, the same `Authorization` header is specified everywhere, it is standard, but it can be...
@jgrandja I can prepare a PR if this ticket is relevant.
Hi @pheyken Indeed, such a problem exists. But it seems to me that this is a rather rare case. If you have a stable working solution, then it would be...
You can use `ReactiveAuthenticationManagerAdapter`, what other API are you missing for your case?
I can suggest a solution: ``` ReactiveOidcIdTokenDecoderFactory jwtDecoderFactory = new ReactiveOidcIdTokenDecoderFactory(); jwtDecoderFactory.setReactiveJwtDecoderFactory( (reactiveJwtDecoderFactory) -> NimbusReactiveJwtDecoder.withJwkSetUri(jwkSetUri) .jwsAlgorithm(SignatureAlgorithm.RS256) .webClient(WebClient.create()) .build() ); ``` @jzheaux @afiluba could you please review this?