Skip to content

Mock Jwt should ensure that CSRF is not required #7170

New issue
New issue
Closed
Closed
Mock Jwt should ensure that CSRF is not required#7170
Assignees
jzheaux
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement
Milestone
5.2.0
@jzheaux

Description

@jzheaux
jzheaux
opened on Jul 31, 2019

According to #7118, when using jwt() (Servlet) or mockJwt() (WebFlux) test support, a tester must also provide a CSRF token.

This is because the CSRF token is lifted when a bearer token header is present in the request.

But, when using jwt() or mockJwt(), no bearer token header is provided as it's unnecessary.

In order to align with the expected behavior of resource server endpoints, when jwt() or mockJwt() is used, the tester should not also have to supply a CSRF token.

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions