OAuth2 intercepter for feign does not re-issue invalid token · spring-attic/spring-cloud-security#220

(3 comments) (8 reactions) (0 assignees)Java (525 stars) (250 forks)batch import

enhancementhelp wanted

Description

Hi,

If we check OAuth2RestTemplate it has an option retryBadAccessTokens which will try one more time to obtain new access token if previous token is invalid. This is useful if, for some reasons, you decide to revoke access token.

In OAuth2FeignRequestInterceptor access token is preserved in client context until it expires. There is no way to make feign to reissue new token until it expire.

The difficulty here that in feign interceptor is not responsible for retry. So what will be correct way to handle this issue? One of the option is to implement a feign retryer which will clean up client context.

If it is correct, do you want me to try to contribute this change?

Contributor guide

Tech stack: javaspring
Domain: backendapi
Issue type: feature
Difficulty: 3
Estimated time: 1-3 hours
Activity status: stale
Clarity: clear
Prerequisites: Spring OAuth2 experienceFeign client usageJava knowledge
Newbie friendliness: 40
Research direction: The issue requests a retry mechanism for invalid OAuth2 tokens in Feign interceptors. The author suggests implementing a Feign Retryer to clean up the client context on token invalidation. To contribute, review the current OAuth2FeignRequestInterceptor and understand how tokens are stored. Consider adding a retryer that catches exceptions and refreshes the token. Since the repository is archived, check for any successor projects or note that the issue may need to be addressed in a different library.