spring-authorization-server icon indicating copy to clipboard operation
spring-authorization-server copied to clipboard
verified publisher icon spring-projects

Make CodeVerifierAuthenticator public

Open Vojtech-Sassmann opened this issue 2 years ago • 0 comments

Expected Behavior The CodeVerifierAuthenticator is public and can be used in custom AuthenticationProviders.

Current Behavior The CodeVerifierAuthenticator is package-private and cannot be used outside this package.

Context We are implementing a custom AuthenticationProvider which uses client X509 certificate. We also would like to use PKCE inside this AuthenticationProvider. We cannot simply reuse the CodeVerifierAuthenticator because its visibility is restricted. We must either write custom PKCE validation and duplicate the logic or create the custom AuthenticationProvider inside the same package as the CodeVerifierAuthenticator.

Related PR: https://github.com/spring-projects/spring-authorization-server/pull/1348

Vojtech-Sassmann avatar Sep 05 '23 07:09 Vojtech-Sassmann