As a developer that needs to fine tune the JWT decoding process, it would be useful if this class and its members JwtDecoderProviderConfigurationUtils.getConfigurationForOidcIssuerLocation and JwtDecoderProviderConfigurationUtils.getConfigurationForIssuerLocation were made public.
Comment From: jzheaux
Thanks for reaching out, @larsw. For some background, note that this was discussed recently in https://github.com/spring-projects/spring-security/issues/9135#issuecomment-710697740.
To fine-tune the decoding process, you can expose a JwtDecoder as a @Bean, and Spring Security will use it. One implementation of JwtDecoder, NimbusJwtDecoder, ships with several configuration options.
What is it that you are trying to do that isn't already simple?
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: larsw
Hi again,
The use case for this was to pull other information from the metadata endpoints, without needing to reimplement the functionality for fetching and deserializing them.
Comment From: jzheaux
Thanks for the extra information, @larsw. It sounds like this is a duplicate of #9135, then.