Currently, the auto-configured JwtAuthenticationConverter (defined in OAuth2ResourceServerJwtConfiguration) uses a JwtGrantedAuthoritiesConverter. It would be nice if an ExpressionJwtGrantedAuthoritiesConverter were used if there is a property spring.security.oauth2.resourceserver.jwt.authorities-claim-expression.
Comment From: wilkinsona
Thanks for the suggestion. On the face of it, this seems reasonable. However, I'm not sure exactly how ExpressionJwtGrantedAuthoritiesConverter is typically used. In particular, its javadoc mentions using it in combination with DelegatingJwtGrantedAuthoritiesConverter, which may not lend itself to property-based configuration. I couldn't find anything in Spring Security's documentation so I have opened https://github.com/spring-projects/spring-security/issues/18300.
Comment From: kalgon
Personally, I am not using it with a DelegatingJwtGrantedAuthoritiesConverter. I am defining a JwtAuthenticationConverter the same way it is defined in OAuth2ResourceServerJwtConfiguration but with an ExpressionJwtGrantedAuthoritiesConverter (instead of a regular JwtGrantedAuthoritiesConverter) so that I could have the following in my configuration (I am using Keycloak):
spring.security.oauth2.resourceserver.jwt.authorities-claim-expression=["resource_access"]["my.client.id"]["roles"]
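The wiring described in the comment above, as an added example that is not part of the original comment or of Spring Boot's code. It assumes the expression is evaluated against the token's claim map (as the indexer-style expression implies), a `ROLE_` authority prefix, and a constructed sample token; the class name `KeycloakAuthoritiesExample` is hypothetical.

```java
import java.util.List;
import java.util.Map;

import org.springframework.expression.Expression;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.ExpressionJwtGrantedAuthoritiesConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

public class KeycloakAuthoritiesExample {

    // Expression taken from the comment above; hard-coded here because the
    // authorities-claim-expression property is only a proposal in this issue.
    static final String EXPRESSION = "[\"resource_access\"][\"my.client.id\"][\"roles\"]";

    static JwtAuthenticationConverter jwtAuthenticationConverter() {
        Expression expression = new SpelExpressionParser().parseExpression(EXPRESSION);
        ExpressionJwtGrantedAuthoritiesConverter authorities =
                new ExpressionJwtGrantedAuthoritiesConverter(expression);
        // Assumption: client roles are mapped with a ROLE_ prefix.
        authorities.setAuthorityPrefix("ROLE_");
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(authorities);
        return converter;
    }

    public static void main(String[] args) {
        // Constructed sample token with Keycloak-style nested client roles.
        Jwt jwt = Jwt.withTokenValue("constructed-token")
                .header("alg", "none")
                .subject("alice")
                .claim("resource_access", Map.of(
                        "my.client.id", Map.of("roles", List.of("reader", "editor")),
                        "other.client", Map.of("roles", List.of("admin"))))
                .build();
        // The expression selects only the roles listed under my.client.id;
        // the "admin" role granted for other.client is not selected.
        System.out.println(jwtAuthenticationConverter().convert(jwt).getAuthorities());
    }
}
```

Scoping the expression to one client id keeps roles that the token carries for other clients from becoming authorities in this resource server.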
Comment From: yashpawarrr
Hi there! Respected open source community, I am Yash and I am in my second year of college, exploring Spring Boot, Java and scalable architecture. Gladly found your GitHub repository and I'll be happy to be a part of this. So may you please guide me on how I can start my contribution as soon as possible...
Comment From: wilkinsona
@yashpawarrr thank you for the offer, but there's nothing to start at the moment. We are awaiting some feedback from the Spring Security team regarding https://github.com/spring-projects/spring-security/issues/18300.