Please see https://github.com/spring-projects/spring-security/issues/13249 for background information.
It would be nice for those creating starters to be able to customize the JwtDecoder created by Spring Boot, namely its set of validators.
Something like the following would be more convenient and less error-prone than replacing the JwtDecoder bean definition:
@Bean
JwtDecoderValidatorCustomizer jwtDecoderValidatorCustomizer() {
return (validator) -> new DelegatingOAuth2TokenValidator<>(validator, customValidator);
}
Comment From: wilkinsona
Reading https://github.com/spring-projects/spring-security/issues/13249, it sounds like @romangr would like to be able to add additional validators while keeping all of the default validators. Rather than introducing a customizer (there isn't really an instance of something to customize), I wonder if we could add any OAuth2TokenValidator<Jwt> beans to the auto-configured DelegatingOAuth2TokenValidator instead?
Comment From: jzheaux
I see, @wilkinsona. Yes, that makes sense.
Comment From: romangr
I created a PR with the implementation similar to the one I use in my starter library, please let me know if it makes sense
Comment From: wilkinsona
Closing in favor of #35874.