Create JWT access token from a SAMLAuthenticationToken

In my application I have so far used the OAuth2 password grant flow to generate a JWT access token to clients providing their username and password using Spring Security and Spring OAuth. They then use that token in all requests to my Spring Boot REST API.

Some of my customers now want to use SAML authentication instead. My idea is to create a separate endpoint /saml/accessToken and secure it with Spring SAML. Once the SAML authentication is complete the user is redirected back to /saml/accessToken, now with a valid authentication, and is given a JWT which the client can use to further communicate with my REST API.

I need a controller method that accepts an authenticated SAMLAuthenticationToken, generates a JWT using it's credentials, and returns it to the client:

@RequestMapping(value = "/saml/accessToken")
public String getAccessToken(SAMLAuthenticationToken authentication) {
    return accessTokenFactory.create(authentication);
}

It is the accessTokenFactory in the above example I need help with. I would like to follow the Spring coding ecosystem as much as possible and avoid using a "hack" solution, so that I can make use of the already existing TokenEnhancers and so forth.


What is the best way to create a JWT access token from a SAMLAuthenticationToken?