spring-authorization-server icon indicating copy to clipboard operation
spring-authorization-server copied to clipboard
verified publisher icon spring-projects

Add Predicate for authorizationConsentRequired for device code grant

Open dineshgupta630 opened this issue 7 months ago • 1 comments

Adds a pluggable predicate to control whether consent is required in the device code grant flow . Fixes https://github.com/spring-projects/spring-authorization-server/issues/1965

Notes: No breaking changes; the predicate is opt-in.

dineshgupta630 avatar Jun 16 '25 22:06 dineshgupta630

Thanks for the PR @dineshgupta630. I will review this soon.

jgrandja avatar Jun 19 '25 17:06 jgrandja

Thanks for the review, @jgrandja Sorry for the delay - something pressing came up. I’ll address the PR feedback shortly.

dineshgupta630 avatar Aug 23 '25 09:08 dineshgupta630

@dineshgupta630

As you may be aware, Spring Authorization Server has moved to Spring Security (gh-2195). The 1.4.x and 1.5.x branch will continue to be maintained with bug and security fixes, however, all new features and enhancements will need to be added in Spring Security from 7.0 onwards.

Given that this PR is an enhancement, it would need to be merged into Spring Security.

The 2 options to consider for this PR are: 1) You can re-submit this PR to Spring Security 2) We can continue with the review process here and after it is approved, I would need to manually move the updated code to Spring Security.

Please note, with the 1st option, your name will be preserved in the commit, but it won't be preserved with the 2nd option since I would need to manually move the updated code to Spring Security and create a new commit under my name.

Please let me know how you would like to proceed. Thanks.

jgrandja avatar Sep 18 '25 10:09 jgrandja

Hey @jgrandja, thanks very much for laying out the options - really appreciate it! I'm not fussed about either approach as long as the enhancement makes it in. I'm quite happy to go with option 2 if that's easier for you.

Just wondering though - with option 1, do you reckon there's a chance the enhancement might not get the green light when it goes through Spring Security's process?

dineshgupta630 avatar Sep 18 '25 14:09 dineshgupta630

@dineshgupta630 I'm good with either option. I'll let you pick.

with option 1, do you reckon there's a chance the enhancement might not get the green light when it goes through Spring Security's process

It doesn't make a difference as I'm managing this PR. But we'll need to get this in before 7.0.0-RC1 Oct 20 so if you can update the code based on latest feedback within 2 weeks time then we should be good.

jgrandja avatar Sep 18 '25 15:09 jgrandja

Nice, I can definitely do that. Will do it this weekend. Thanks very much @jgrandja!

dineshgupta630 avatar Sep 18 '25 15:09 dineshgupta630

Hi @jgrandja , thanks ever so much for your help with this - really appreciate it! I've just pushed through the changes, so when you get a moment, would you mind having a look and giving it a review?

Do let me know if there's anything else you'd like me to tweak - more than happy to sort it out straightaway. Cheers.

dineshgupta630 avatar Oct 03 '25 09:10 dineshgupta630

@dineshgupta630 Thanks for the updates. This is now merged via baa3b287d6e8b906db94ffa885b113a626edfdea

jgrandja avatar Oct 07 '25 15:10 jgrandja