spring-security icon indicating copy to clipboard operation
spring-security copied to clipboard
verified publisher icon spring-projects

API key authentication implementation

Open noavarice opened this issue 4 months ago • 0 comments

See GH-17563

Adds API key authentication support. Key components include the following:

  • ApiKei is a data model consisting of ID and secret parts. ApiKey provides method for generating new instance randomly;
  • ApiKeyDigest handles hashing API key secret part and comparing secret with existing hash. This component closely resembles PasswordEncoder functionality;
  • ApiKeySearchService allows framework user to hook into the API key authentication lifecycle. This component closely resembles UserDetailsService functionality;
  • ApiKeyAuthenticationProvider handles API key authentication aspects;
  • ApiKeyAuthenticationFilter intercepts incoming requests and hands control over to AuthenticationManager the same way other similar filters do (e.g., BasicAuthenticationFilter).

This is a work-in-progress, it's far from finish (no reactive stack support, no tests, etc.), but it catches the way it should work from my perspective.

noavarice avatar Aug 23 '25 12:08 noavarice