The reactive interface for creating a ReactiveJwtDecoder from some context looks like:

ReactiveJwtDecoder createDecoder(C context)

This is used, for example, in OidcAuthorizationCodeReactiveAuthenticationManager to construct a ReactiveJwtDecoder based on ClientRegistration:

private Mono<OidcIdToken> createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
    ReactiveJwtDecoder jwtDecoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
    String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
    return jwtDecoder.decode(rawIdToken)
        .map(jwt -> new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()));
}

Since this action is performed at request time, an implementation that did a DB lookup to create the ReactiveJwtDecoder would be blocking.

This could be resolved by creating a custom ReactiveAuthenticationManager instance, but it may be simpler for applications if the contract were changed to:

Mono<ReactiveJwtDecoder> createDecoder(C context)

and OidcAuthorizationCodeReactiveAuthenticationManager were changed to:

private Mono<OidcIdToken> createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
    String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
    return this.jwtDecoderFactory.createDecoder(clientRegistration)
        .flatMap(jwtDecoder -> jwtDecoder.decode(rawIdToken))
        .map(jwt -> new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()));
}

Another potential use case would be to use it when looking up ReactiveJwtDecoders based on the incoming issuer:

ReactiveJwtDecoderFactory<String> jwtDecoderFactory = ...;
return jwtDecoderFactory.createDecoder(issuer)
    .flatMap(jwtDecoder -> jwtDecoder.decode(token));

Not being as close to the OAuth 2.0 Client code, for which this was originally created, I might be looking at this class the wrong way, which is why I opened the ticket.

Comment From: rwinch

Another way to achieve this is to create a delegating ReactiveJwtDecoder which would do any blocking operations within its decode method.
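
One way to write the delegating decoder suggested in the comment above, as an added example that is not part of the original thread or of Spring Security. `DeferredLookupJwtDecoderFactory` and `blockingLookup` are hypothetical names, and the lookup is assumed to be a blocking call such as a database query:

```java
import java.util.function.Function;

import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory;

import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;

// Hypothetical class: keeps the existing non-Mono factory contract while
// moving the blocking work into the returned decoder's decode() call.
public final class DeferredLookupJwtDecoderFactory
        implements ReactiveJwtDecoderFactory<ClientRegistration> {

    // Assumed blocking lookup, e.g. a JDBC query that builds the real decoder
    // from key material stored for this client registration.
    private final Function<ClientRegistration, ReactiveJwtDecoder> blockingLookup;

    public DeferredLookupJwtDecoderFactory(
            Function<ClientRegistration, ReactiveJwtDecoder> blockingLookup) {
        this.blockingLookup = blockingLookup;
    }

    @Override
    public ReactiveJwtDecoder createDecoder(ClientRegistration registration) {
        // Nothing blocking runs here: the Mono is cold, so the lookup only
        // executes when decode() is subscribed to, and then on a scheduler
        // intended for blocking calls rather than on the event loop.
        Mono<ReactiveJwtDecoder> delegate = Mono
                .fromCallable(() -> this.blockingLookup.apply(registration))
                .subscribeOn(Schedulers.boundedElastic())
                // Fail closed: a null lookup result would otherwise complete
                // empty and the ID token would silently go unvalidated.
                .switchIfEmpty(Mono.error(new JwtException(
                        "No JWT decoder available for registration "
                                + registration.getRegistrationId())));

        // The delegating decoder: resolve the real decoder, then decode.
        return token -> delegate.flatMap(decoder -> decoder.decode(token));
    }
}
```

Because the `Mono` is not cached, the lookup runs on every `decode` call.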

Comment From: jgrandja

@jzheaux

> Since this action is performed at request time, an implementation that did a DB lookup to create the ReactiveJwtDecoder would be blocking.

True. However, the default (and only) implementation ReactiveOidcIdTokenDecoderFactory does not perform any blocking operations.

@rwinch has also provided a solution to the issue you mentioned so I think we are covered here.

I'm going to close this but if you still feel this is an issue we can revisit.