Package org.springframework.security.oauth2.client

Class TokenExchangeReactiveOAuth2AuthorizedClientProvider

java.lang.Object
org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
All Implemented Interfaces:
ReactiveOAuth2AuthorizedClientProvider
public final class TokenExchangeReactiveOAuth2AuthorizedClientProvider extends Object implements ReactiveOAuth2AuthorizedClientProvider
An implementation of an ReactiveOAuth2AuthorizedClientProvider for the token-exchange grant.
Since:
6.3
See Also:

  • Constructor Details

    • TokenExchangeReactiveOAuth2AuthorizedClientProvider

      public TokenExchangeReactiveOAuth2AuthorizedClientProvider()

  • Method Details

    • authorize

      public reactor.core.publisher.Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context)
      Attempt to authorize (or re-authorize) the client in the provided context. Returns an empty Mono if authorization (or re-authorization) is not supported, e.g. the client's authorization grant type is not token-exchange OR the access token is not expired.
      Specified by:
      authorize in interface ReactiveOAuth2AuthorizedClientProvider
      Parameters:
      context - the context that holds authorization-specific state for the client
      Returns:
      the OAuth2AuthorizedClient or an empty Mono if authorization is not supported

    • setAccessTokenResponseClient

      public void setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<TokenExchangeGrantRequest> accessTokenResponseClient)
      Sets the client used when requesting an access token credential at the Token Endpoint for the token-exchange grant.
      Parameters:
      accessTokenResponseClient - the client used when requesting an access token credential at the Token Endpoint for the token-exchange grant

    • setSubjectTokenResolver

      public void setSubjectTokenResolver(Function<OAuth2AuthorizationContext,reactor.core.publisher.Mono<OAuth2Token>> subjectTokenResolver)
      Sets the resolver used for resolving the subject token.
      Parameters:
      subjectTokenResolver - the resolver used for resolving the subject token

    • setActorTokenResolver

      public void setActorTokenResolver(Function<OAuth2AuthorizationContext,reactor.core.publisher.Mono<OAuth2Token>> actorTokenResolver)
      Sets the resolver used for resolving the actor token.
      Parameters:
      actorTokenResolver - the resolver used for resolving the actor token

    • setClockSkew

      public void setClockSkew(Duration clockSkew)
      Sets the maximum acceptable clock skew, which is used when checking the access token expiry. The default is 60 seconds.

      An access token is considered expired if OAuth2AccessToken#getExpiresAt() - clockSkew is before the current time clock#instant().

      Parameters:
      clockSkew - the maximum acceptable clock skew

    • setClock

      public void setClock(Clock clock)
      Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
      Parameters:
      clock - the clock