feat(spring-boot-starter): look for jwt parser customizers

Caceresenzo · Caceresenzo · commit 95a820a3faa6 · 2025-09-11T00:54:41.000+02:00
diff --git a/client/src/main/java/dev/caceresenzo/privy/client/impl/PrivyClientImpl.java b/client/src/main/java/dev/caceresenzo/privy/client/impl/PrivyClientImpl.java
@@ -40,8 +40,10 @@
 import io.jsonwebtoken.JwtParser;
 import io.jsonwebtoken.JwtParserBuilder;
 import io.jsonwebtoken.Jwts;
+import lombok.Getter;
 import lombok.SneakyThrows;
 
+@Getter
 public class PrivyClientImpl implements PrivyClient {
 
 	private static final CustomMetadata EMPTY_METADATA = CustomMetadata.fromValues(Collections.emptyMap());
diff --git a/spring-boot-starter/src/main/java/dev/caceresenzo/privy/spring/boot/autoconfigure/PrivyAutoConfiguration.java b/spring-boot-starter/src/main/java/dev/caceresenzo/privy/spring/boot/autoconfigure/PrivyAutoConfiguration.java
@@ -1,6 +1,7 @@
 package dev.caceresenzo.privy.spring.boot.autoconfigure;
 
 import java.io.IOException;
+import java.util.List;
 
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
@@ -22,7 +23,10 @@ public class PrivyAutoConfiguration {
 	@Bean
 	@ConditionalOnProperty(PrivyProperties.PREFIX_APPLICATION_ID)
 	@ConditionalOnMissingBean
-	PrivyClient privyClient(PrivyProperties properties) throws IOException {
+	PrivyClient privyClient(
+		PrivyProperties properties,
+		List<PrivyJwtParserCustomizer> jwtParserCustomizers
+	) throws IOException {
 		log.info("Configuring Privy Client");
 
 		final PrivyClient.Builder builder = PrivyClient.builder()
@@ -39,6 +43,21 @@ PrivyClient privyClient(PrivyProperties properties) throws IOException {
 			builder.maxPageSize(maxPageSize);
 		}
 
+		final var cacheVerificationKey = properties.getCacheVerificationKey();
+		if (cacheVerificationKey != null) {
+			builder.cacheVerificationKey(cacheVerificationKey);
+		}
+
+		if (!jwtParserCustomizers.isEmpty()) {
+			builder.jwtParserCustomizer((jwtParserBuilder) -> {
+				for (final var customizer : jwtParserCustomizers) {
+					jwtParserBuilder = customizer.customize(jwtParserBuilder);
+				}
+
+				return jwtParserBuilder;
+			});
+		}
+
 		return builder.build();
 	}
 
diff --git a/spring-boot-starter/src/main/java/dev/caceresenzo/privy/spring/boot/autoconfigure/PrivyJwtParserCustomizer.java b/spring-boot-starter/src/main/java/dev/caceresenzo/privy/spring/boot/autoconfigure/PrivyJwtParserCustomizer.java
@@ -0,0 +1,10 @@
+package dev.caceresenzo.privy.spring.boot.autoconfigure;
+
+import io.jsonwebtoken.JwtParserBuilder;
+
+@FunctionalInterface
+public interface PrivyJwtParserCustomizer {
+
+	JwtParserBuilder customize(JwtParserBuilder jwtParserBuilder);
+
+}
diff --git a/spring-boot-starter/src/main/java/dev/caceresenzo/privy/spring/boot/autoconfigure/PrivyProperties.java b/spring-boot-starter/src/main/java/dev/caceresenzo/privy/spring/boot/autoconfigure/PrivyProperties.java
@@ -18,5 +18,6 @@ public class PrivyProperties {
 	private String applicationSecret;
 	private String webhookSigningKey;
 	private Long maxPageSize;
+	private Boolean cacheVerificationKey;
 
 }
diff --git a/spring-boot-starter/src/test/java/dev/caceresenzo/privy/spring/boot/ClientAutoConfigurationTest.java b/spring-boot-starter/src/test/java/dev/caceresenzo/privy/spring/boot/ClientAutoConfigurationTest.java
@@ -1,24 +1,53 @@
 package dev.caceresenzo.privy.spring.boot;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
+
 import org.junit.jupiter.api.Test;
+import org.junit.platform.commons.util.ReflectionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 
 import dev.caceresenzo.privy.client.PrivyClient;
+import dev.caceresenzo.privy.client.impl.PrivyClientImpl;
 import dev.caceresenzo.privy.spring.boot.autoconfigure.PrivyAutoConfiguration;
+import dev.caceresenzo.privy.spring.boot.autoconfigure.PrivyJwtParserCustomizer;
 import dev.caceresenzo.privy.spring.boot.autoconfigure.PrivyProperties;
+import io.jsonwebtoken.impl.DefaultJwtParser;
+import lombok.SneakyThrows;
 
 @SpringBootTest(
 	classes = {
 		PrivyAutoConfiguration.class,
-	}, properties = {
+		ClientAutoConfigurationTest.ContextConfiguration.class,
+	},
+	properties = {
 		PrivyProperties.PREFIX_APPLICATION_ID + "=hello",
 		PrivyProperties.PREFIX_APPLICATION_SECRET + "=world"
 	}
 )
 class ClientAutoConfigurationTest {
 
 	@Test
-	void contextLoads(@Autowired PrivyClient client) {}
+	@SneakyThrows
+	void contextLoads(@Autowired PrivyClient client) {
+		final var clientImpl = assertInstanceOf(PrivyClientImpl.class, client);
+		final var jwtParser = assertInstanceOf(DefaultJwtParser.class, clientImpl.getJwtParser());
+
+		final var clockSkew = ReflectionUtils.tryToReadFieldValue(DefaultJwtParser.class, "allowedClockSkewMillis", jwtParser);
+		assertEquals(42_000l, clockSkew.get());
+	}
+
+	@Configuration
+	static class ContextConfiguration {
+
+		@Bean
+		public PrivyJwtParserCustomizer clockSkewJwtParserCustomizer() {
+			return (builder) -> builder.clockSkewSeconds(42);
+		}
+
+	}
 
 }

Original file line number	Diff line number	Diff line change
`@@ -18,5 +18,6 @@ public class PrivyProperties {`
`18`	`18`	`private String applicationSecret;`
`19`	`19`	`private String webhookSigningKey;`
`20`	`20`	`private Long maxPageSize;`
	`21`	`+ private Boolean cacheVerificationKey;`
`21`	`22`
`22`	`23`	`}`