Implement authorization_code AuthenticationProvider

[jgrandja]

The OAuth2AuthorizationCodeAuthenticationProvider is responsible for authenticating the authorization code parameter.

Implementation Requirements

• the OAuth2TokenEndpointFilter Implement Token Endpoint #67 indirectly calls this AuthenticationProvider by passing in OAuth2AuthorizationCodeAuthenticationToken
• the RegisteredClientRepository Implement Client Registration Model / Repository #40 should be used to validate the client_id parameter if the client was not previously authenticated
• the OAuth2AuthorizationService Implement Authorization Model / Service #43 should be used to lookup the OAuth2Authorization using the code parameter
• the accessTokenGenerator should be used to generate an opaque access token. NOTE: This will later be re-factored to generate a JWT
• the access token should be returned by OAuth2AuthorizationCodeAuthenticationProvider in a OAuth2AccessTokenAuthenticationToken
• javadoc class and public methods
• Unit tests

Specification References

3.1. Token Endpoint
4.1. Authorization Code Grant
4.1.3. Access Token Request
4.1.4. Access Token Response

[dfcoffin]

@jgrandja We had discussed the ability to allow an implementation to enhance the generated access token response, but I don't see that described above in the Implementation Requirements

[dfcoffin]

@jgrandja Is it possible to update the Implementation Requirements section with Issue numbers?

• the OAuth2TokenEndpointFilter Implement Token Endpoint #67 indirectly calls this AuthenticationProvider

[jgrandja]

@dfcoffin I updated the issues to cross reference the dependent issues.

Customizing the token response will come in a later iteration. The implementation requirements are for this iteration only. We will likely need to go through 3 or more iterations to fully realize the authorization_code grant, which will include full customizations as per the framework.

[dfcoffin]

@jgrandja Thanks for the update. After reading several of your PR review comments, I'm getting a better feeling for the overall project plan and code development approach. Is this issue still available?

[jgrandja]

@dfcoffin This issue is available. Would you like to take it?

[dfcoffin]

@jgrandja Yes.