Steve Riesenberg

Results: 276 comments by Steve Riesenberg

@joshuawhite929

> The current OAuth2TokenExchangeAuthenticationProvider constrains token exchange process to a single IDP. I believe the spirit of [RFC 8693](https://datatracker.ietf.org/doc/html/rfc8693) is to also enable token exchange across security domains. Can...

Apologies @joshuawhite929 if my above response is confusing, I was thinking about this from the Spring Security (client) side. Please feel free to share any supporting information or an example...

Hi @joshuawhite929.

> Would you prefer to wait or close this issue and have me open another when ready?

That depends I suppose. You wouldn't need to provide anything specific...

> I believe this is briefly mentioned in the [spec](https://datatracker.ietf.org/doc/html/rfc8693#name-token-exchange-request-4)

It is hinted at in the spec as you mentioned there, but it unfortunately does not spell out any details...

@joshuawhite929 please feel free to create a branch on your fork and give the idea a try. Share a link to the branch here and I'll take a look and...

Thanks for providing a branch with your idea, @joshuawhite929! I have reviewed the branch and do understand what you were thinking about in [your earlier comment](https://github.com/spring-projects/spring-authorization-server/issues/1867#issuecomment-2596125344). While this is definitely...

@joshuawhite929 thanks for following up.

> As I see it, the challenge is that within the scope of a single request, in addition to authenticating the client, we also need...

Hi @joshuawhite929.

> Isn't the strategy for introducing pluggable implementations the AuthenticationProvider interface? As in my example, I can just add a custom AuthenticationProvider to the existing list of AuthenticationProviders....

@ch4mpy thanks for providing your thoughts! Most of the features you're sketching out here would be applicable to Spring Boot, not Spring Security. You are welcome to open an issue...

@CrazyParanoid thanks for wanting to work on this! Please note that it's best to discuss an issue and have it assigned first before working on it. Have you seen the...