Skip to content

Add support dpop customization #16940

New issue
New issue
Open
#17202
Open
Add support dpop customization#16940
#17202
Assignees
franticticktick
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement
Milestone
 
7.0.x
@franticticktick

Description

@franticticktick
franticticktick
opened on Apr 15, 2025

Currently dpop can't be configured. OAuth2ResourceServerConfigurer has dPoPAuthenticationConfigurer and it is already initialized with DPoPAuthenticationConfigurer and in configure method it is always applied to http. It would be nice to separate dpop configuration instead of applying it by default.
For example:

		@Bean
		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
			// @formatter:off
			http
				.authorizeHttpRequests((authorize) ->
					authorize.anyRequest().authenticated()
				)
				.oauth2ResourceServer((oauth2ResourceServer) ->
					oauth2ResourceServer
						.jwt(Customizer.withDefaults())
						.dpop(Customizer.withDefaults())
				);
			// @formatter:on
			return http.build();
		}

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions