Hello everybody

Summary

I currently use Spring Security with the OAuth2 provider behind a corporate firewall.

The oauth2-jose part is hiding the WebClient configuration if we give a JWKS URL (on the ReactiveRemoteJWKSource class). We cannot add a proxy setup, so our application is not working.

Actual Behavior

Proxy setup is not taken.

Expected Behavior

We should make the WebClient available so that we can configure it like we want.

Version

5.1.2.RELEASE

Sample

The current NimbusReactiveJwtDecoder class only uses "jwksUri" as a constructor param.

 NimbusReactiveJwtDecoder(jwksUri)

It should be jwksUri and an optional WebClient like:

NimbusReactiveJwtDecoderOverride(jwksUri,
            WebClient.builder().build())

so that we can add a specific .clientConnector on it.

Edit: I provided a PR #6344 to fix that.

Comment From: jgrandja

Thanks for the report @GregoireW. This issue will be resolved in #5937.

The preferred method (and most flexible) is to allow NimbusReactiveJwtDecoder to accept a JWTProcessor. FYI, this has already been implemented on the Servlet side with NimbusJwtDecoder via #5648.

I'm going to close this issue and associated PR since it will be addressed in #5937. Feel free to provide further comments/feedback there.

Comment From: luqmanulkhair

@jgrandja how can we pass NimbusReactiveJwtDecoder? I made a bean configuration, but it seems like web-flux security does not take it.
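
Added example, not part of the original thread or the project's own code: one way to fetch the JWK set through a corporate proxy by handing a custom WebClient to the decoder. It assumes a Spring Security release that provides the `NimbusReactiveJwtDecoder.withJwkSetUri(...).webClient(...)` builder (5.2 or later, not the 5.1.2.RELEASE from the report) and Reactor Netty 1.x; the JWKS URI, proxy host, proxy port and class name are placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.netty.http.client.HttpClient;
import reactor.netty.transport.ProxyProvider;

@Configuration
public class JwtDecoderProxyConfig { // hypothetical class name

    // Placeholder values (assumptions, not taken from the issue).
    private static final String JWKS_URI = "https://idp.example.com/.well-known/jwks.json";
    private static final String PROXY_HOST = "proxy.example.internal";
    private static final int PROXY_PORT = 3128;

    @Bean
    public ReactiveJwtDecoder jwtDecoder() {
        // Route outbound requests through the HTTP proxy. TLS settings are
        // left at their defaults, so the identity provider's certificate is
        // still verified end to end through the proxy's CONNECT tunnel.
        HttpClient httpClient = HttpClient.create()
                .proxy(proxy -> proxy
                        .type(ProxyProvider.Proxy.HTTP)
                        .host(PROXY_HOST)
                        .port(PROXY_PORT));

        // This is the ".clientConnector" hook the report asks for.
        WebClient webClient = WebClient.builder()
                .clientConnector(new ReactorClientHttpConnector(httpClient))
                .build();

        // The decoder uses this WebClient only to retrieve the JWK set;
        // signature verification of incoming tokens is unchanged.
        return NimbusReactiveJwtDecoder.withJwkSetUri(JWKS_URI)
                .webClient(webClient)
                .build();
    }
}
```

Keep the JWKS URI on `https` so the signing keys retrieved through the proxy are authenticated by the identity provider's certificate rather than trusted on the proxy's word.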