
Is it possible to configure or autowire a JWE key selector in a Spring Boot 2.0 application with Spring Security 5.x.x, so that it can decrypt the id_token received from an OpenID Connect provider?

The JWS keys (used to verify the token's signature) can be defined through the Spring Security OAuth2 client registration properties. But I did not find a way to specify the JWEKeySelector (used to select the decryption key) for the JwtDecoder used by Spring Security OAuth.

Thanks in advance!

dependencies:

// Gradle build for the Spring Boot application described in the question
// (OpenID Connect login through the Spring Security OAuth2 client).
buildscript {
    ext {
        // Version of the Spring Boot Gradle plugin put on the build classpath below.
        // NOTE(review): this is pinned to exactly 2.0.0.RELEASE; confirm whether a
        // later maintenance release carrying security fixes should be used instead.
        springBootVersion = '2.0.0.RELEASE'
    }
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
    }
}

apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'org.springframework.boot'
// Dependency management plugin; the Spring artifacts below declare no version of
// their own, so presumably their versions are resolved through it -- verify the
// resolved versions with the build's dependency report.
apply plugin: 'io.spring.dependency-management'

sourceCompatibility = 1.8

repositories {
    mavenCentral()
}

// Sets the 'thymeleaf.version' extra property to an explicit Thymeleaf version.
ext['thymeleaf.version'] = '3.0.9.RELEASE'

dependencies {

    // Spring Security: configuration, OAuth2 client, and JOSE support.
    // The JOSE module is presumably what supplies the JWT decoder the question
    // refers to; the question is how to add JWE decryption to it -- TODO confirm.
    compile 'org.springframework.security:spring-security-config'
    compile 'org.springframework.security:spring-security-oauth2-client'
    compile 'org.springframework.security:spring-security-oauth2-jose'

    // Web layer and view templates.
    // NOTE(review): the artifact name 'thymeleaf-extras-springsecurity4' suggests an
    // integration built for Spring Security 4, while the question states Spring
    // Security 5.x.x -- confirm the two are compatible in this setup.
    compile 'org.springframework.boot:spring-boot-starter-web'
    compile 'org.springframework.boot:spring-boot-starter-thymeleaf'
    compile 'org.thymeleaf.extras:thymeleaf-extras-springsecurity4'
    compile 'io.projectreactor.ipc:reactor-netty'
    compile 'org.springframework:spring-webflux'

    // Front-end assets packaged as WebJars. Their versions are pinned explicitly
    // here, so security updates for them have to be tracked and applied by hand.
    compile 'org.webjars:jquery:3.3.1-1'
    compile 'org.webjars:bootstrap:4.0.0-1'
    compile 'org.webjars:webjars-locator:0.32'

    // Test-only dependencies.
    testCompile 'org.springframework.security:spring-security-test'
    testCompile 'org.springframework.boot:spring-boot-starter-test'
}
Sebastian
  • JWE support still seems to be on the roadmap: https://github.com/spring-projects/spring-security/issues/4435. However, does anybody know a workaround? – Sebastian Mar 07 '18 at 09:28

0 Answers0