All Classes and Interfaces
Class
Description
A base representation of OAuth 2.0 Authorization Server metadata, returned by an
endpoint defined in OAuth 2.0 Authorization Server Metadata and OpenID Connect
Discovery 1.0.
AbstractOAuth2AuthorizationServerMetadata.AbstractBuilder<T extends AbstractOAuth2AuthorizationServerMetadata,B extends AbstractOAuth2AuthorizationServerMetadata.AbstractBuilder<T,B>>
A builder for subclasses of
AbstractOAuth2AuthorizationServerMetadata
.Base implementation for configuration settings.
AbstractSettings.AbstractBuilder<T extends AbstractSettings,B extends AbstractSettings.AbstractBuilder<T,B>>
A builder for subclasses of
AbstractSettings
.A context that holds information of the Authorization Server runtime environment.
A holder of the
AuthorizationServerContext
that associates it with the current
thread using a ThreadLocal
.A facility for authorization server configuration settings.
A builder for
AuthorizationServerSettings
.An
AuthenticationProvider
implementation used for OAuth 2.0 Client
Authentication, which authenticates the client_secret
parameter.Attempts to extract HTTP Basic credentials from
HttpServletRequest
and then
converts to an OAuth2ClientAuthenticationToken
used for authenticating the
client.Attempts to extract client credentials from POST parameters of
HttpServletRequest
and then converts to an
OAuth2ClientAuthenticationToken
used for authenticating the client.A facility for client configuration settings.
A builder for
ClientSettings
.The names for all the configuration settings.
The names for authorization server configuration settings.
The names for client configuration settings.
The names for token configuration settings.
A facility for holding information associated to a specific context.
Default implementation of
OAuth2TokenContext
.A builder for
DefaultOAuth2TokenContext
.An
AuthenticationConverter
that simply delegates to it's internal List
of AuthenticationConverter
(s).An
OAuth2AuthorizationConsentService
that stores
OAuth2AuthorizationConsent
's in-memory.An
OAuth2AuthorizationService
that stores OAuth2Authorization
's
in-memory.A
RegisteredClientRepository
that stores RegisteredClient
(s) in-memory.A JDBC implementation of an
OAuth2AuthorizationConsentService
that uses a
JdbcOperations
for OAuth2AuthorizationConsent
persistence.A JDBC implementation of an
OAuth2AuthorizationService
that uses a
JdbcOperations
for OAuth2Authorization
persistence.A JDBC implementation of a
RegisteredClientRepository
that uses a
JdbcOperations
for RegisteredClient
persistence.Attempts to extract a JWT client assertion credential from
HttpServletRequest
and then converts to an OAuth2ClientAuthenticationToken
used for authenticating
the client.An
AuthenticationProvider
implementation used for OAuth 2.0 Client
Authentication, which authenticates the Jwt
client_assertion
parameter.A
factory
that provides a JwtDecoder
for the
specified RegisteredClient
and is used for authenticating a Jwt
Bearer
Token during OAuth 2.0 Client Authentication.An
OAuth2TokenContext
implementation used when encoding a Jwt
.A builder for
JwtEncodingContext
.A
Filter
that processes JWK Set requests.An
OAuth2AuthenticationContext
that holds an
OAuth2AccessTokenAuthenticationToken
and additional information and is used
when customizing the OAuth2AccessTokenResponse
.A builder for
OAuth2AccessTokenAuthenticationContext
.An
Authentication
implementation used when issuing an OAuth 2.0 Access Token
and (optional) Refresh Token.An implementation of an
AuthenticationSuccessHandler
used for handling an
OAuth2AccessTokenAuthenticationToken
and returning the
Access Token Response
.A context that holds an
Authentication
and (optionally) additional information
and is used in an AuthenticationProvider
.OAuth2AuthenticationContext.AbstractBuilder<T extends OAuth2AuthenticationContext,B extends OAuth2AuthenticationContext.AbstractBuilder<T,B>>
A builder for subclasses of
OAuth2AuthenticationContext
.A representation of an OAuth 2.0 Authorization, which holds state related to the
authorization granted to a
client
, by the
resource owner
or itself in the case of the
client_credentials
grant type.A builder for
OAuth2Authorization
.OAuth2Authorization.Token<T extends org.springframework.security.oauth2.core.OAuth2Token>
A holder of an OAuth 2.0 Token and it's associated metadata.
An implementation of an
AbstractOAuth2Token
representing an OAuth 2.0
Authorization Code Grant.Attempts to extract an Access Token Request from
HttpServletRequest
for the
OAuth 2.0 Authorization Code Grant and then converts it to an
OAuth2AuthorizationCodeAuthenticationToken
used for authenticating the
authorization grant.An
AuthenticationProvider
implementation for the OAuth 2.0 Authorization Code
Grant.An
Authentication
implementation used for the OAuth 2.0 Authorization Code
Grant.An
OAuth2AuthenticationContext
that holds an
OAuth2AuthorizationCodeRequestAuthenticationToken
and additional information
and is used when validating the OAuth 2.0 Authorization Request parameters, as well as,
determining if authorization consent is required.A builder for
OAuth2AuthorizationCodeRequestAuthenticationContext
.Attempts to extract an Authorization Request from
HttpServletRequest
for the
OAuth 2.0 Authorization Code Grant and then converts it to an
OAuth2AuthorizationCodeRequestAuthenticationToken
used for authenticating the
request.This exception is thrown by
OAuth2AuthorizationCodeRequestAuthenticationProvider
when an attempt to
authenticate the OAuth 2.0 Authorization Request (or Consent) fails.An
AuthenticationProvider
implementation for the OAuth 2.0 Authorization
Request used in the Authorization Code Grant.An
Authentication
implementation for the OAuth 2.0 Authorization Request used
in the Authorization Code Grant.A
Consumer
providing access to the
OAuth2AuthorizationCodeRequestAuthenticationContext
containing an
OAuth2AuthorizationCodeRequestAuthenticationToken
and is the default
authentication validator
used for validating specific OAuth 2.0 Authorization Request
parameters used in the Authorization Code Grant.A representation of an OAuth 2.0 "consent" to an Authorization request, which holds
state related to the set of
authorities
granted to a
client
by the resource
owner
.A builder for
OAuth2AuthorizationConsent
.An
OAuth2AuthenticationContext
that holds an
OAuth2AuthorizationConsent.Builder
and additional information and is used when
customizing the building of the OAuth2AuthorizationConsent
.A builder for
OAuth2AuthorizationConsentAuthenticationContext
.Attempts to extract an Authorization Consent from
HttpServletRequest
for the
OAuth 2.0 Authorization Code Grant and then converts it to an
OAuth2AuthorizationConsentAuthenticationToken
used for authenticating the
request.An
AuthenticationProvider
implementation for the OAuth 2.0 Authorization
Consent used in the Authorization Code Grant.An
Authentication
implementation for the OAuth 2.0 Authorization Consent used
in the Authorization Code Grant.Implementations of this interface are responsible for the management of
OAuth 2.0 Authorization Consent(s)
.Configurer for the OAuth 2.0 Authorization Endpoint.
A
Filter
for the OAuth 2.0 Authorization Code Grant, which handles the
processing of the OAuth 2.0 Authorization Request and Consent.Base implementation of an
Authentication
representing an OAuth 2.0
Authorization Grant.Configuration
for OAuth 2.0 Authorization Server support.An
AbstractHttpConfigurer
for OAuth 2.0 Authorization Server support.Jackson
Module
for spring-authorization-server
, that registers the
following mix-in annotations:
UnmodifiableMapMixin
HashSetMixin
OAuth2AuthorizationRequestMixin
OAuth2TokenExchangeCompositeAuthenticationTokenMixin
DurationMixin
JwsAlgorithmMixin
OAuth2TokenFormatMixin
StringArrayMixin
If not already enabled, default typing will be automatically enabled as type info is
required to properly serialize/deserialize objects.A representation of an OAuth 2.0 Authorization Server Metadata response, which is
returned from an OAuth 2.0 Authorization Server's Metadata Endpoint, and contains a set
of claims about the Authorization Server's configuration.
Helps configure an
OAuth2AuthorizationServerMetadata
.A
ClaimAccessor
for the "claims" an Authorization Server describes about its
configuration, used in OAuth 2.0 Authorization Server Metadata and OpenID Connect
Discovery 1.0.The names of the "claims" an Authorization Server describes about its configuration,
used in OAuth 2.0 Authorization Server Metadata and OpenID Connect Discovery 1.0.
Configurer for the OAuth 2.0 Authorization Server Metadata Endpoint.
A
Filter
that processes OAuth 2.0 Authorization Server Metadata Requests.A
HttpMessageConverter
for an OAuth
2.0 Authorization Server Metadata Response
.Implementations of this interface are responsible for the management of
OAuth 2.0 Authorization(s)
.Configurer for OAuth 2.0 Client Authentication.
An
OAuth2AuthenticationContext
that holds an
OAuth2ClientAuthenticationToken
and additional information and is used when
validating an OAuth 2.0 Client Authentication.A builder for
OAuth2ClientAuthenticationContext
.A
Filter
that processes an authentication request for an OAuth 2.0 Client.An
Authentication
implementation used for OAuth 2.0 Client Authentication.An
OAuth2AuthenticationContext
that holds an
OAuth2ClientCredentialsAuthenticationToken
and additional information and is
used when validating the OAuth 2.0 Client Credentials Grant Request.A builder for
OAuth2ClientCredentialsAuthenticationContext
.Attempts to extract an Access Token Request from
HttpServletRequest
for the
OAuth 2.0 Client Credentials Grant and then converts it to an
OAuth2ClientCredentialsAuthenticationToken
used for authenticating the
authorization grant.An
AuthenticationProvider
implementation for the OAuth 2.0 Client Credentials
Grant.An
Authentication
implementation used for the OAuth 2.0 Client Credentials
Grant.A
Consumer
providing access to the
OAuth2ClientCredentialsAuthenticationContext
containing an
OAuth2ClientCredentialsAuthenticationToken
and is the default
authentication validator
used for validating specific OAuth 2.0 Client Credentials
Grant Request parameters.Attempts to extract a Device Authorization Consent from
HttpServletRequest
for
the OAuth 2.0 Device Authorization Grant and then converts it to an
OAuth2DeviceAuthorizationConsentAuthenticationToken
used for authenticating the
request.An
AuthenticationProvider
implementation for the Device Authorization Consent
used in the OAuth 2.0 Device Authorization Grant.An
Authentication
implementation for the Device Authorization Consent used in
the OAuth 2.0 Device Authorization Grant.Configurer for the OAuth 2.0 Device Authorization Endpoint.
A
Filter
for the OAuth 2.0 Device Authorization endpoint, which handles the
processing of the OAuth 2.0 Device Authorization Request.Attempts to extract a Device Authorization Request from
HttpServletRequest
for
the OAuth 2.0 Device Authorization Grant and then converts it to an
OAuth2DeviceAuthorizationRequestAuthenticationToken
used for authenticating the
request.An
AuthenticationProvider
implementation for the Device Authorization Request
used in the OAuth 2.0 Device Authorization Grant.An
Authentication
implementation for the Device Authorization Request used in
the OAuth 2.0 Device Authorization Grant.Attempts to extract a Device Access Token Request from
HttpServletRequest
for
the OAuth 2.0 Device Authorization Grant and then converts it to an
OAuth2DeviceCodeAuthenticationToken
used for authenticating the authorization
grant.An
AuthenticationProvider
implementation for the Device Access Token Request
used in the OAuth 2.0 Device Authorization Grant.An
Authentication
implementation for the Device Access Token Request used in
the OAuth 2.0 Device Authorization Grant.Attempts to extract a user code from
HttpServletRequest
for the OAuth 2.0
Device Authorization Grant and then converts it to an
OAuth2DeviceVerificationAuthenticationToken
used for authenticating the
request.An
AuthenticationProvider
implementation for the Device Verification Request
(submission of the user code) used in the OAuth 2.0 Device Authorization Grant.An
Authentication
implementation for the Device Verification Request
(submission of the user code) used in the OAuth 2.0 Device Authorization Grant.Configurer for the OAuth 2.0 Device Verification Endpoint.
A
Filter
for the OAuth 2.0 Device Authorization Grant, which handles the
processing of the Device Verification Request (submission of the user code) and the
Device Authorization Consent.An implementation of an
AuthenticationFailureHandler
used for handling an
OAuth2AuthenticationException
and returning the OAuth 2.0
Error Response
.Attempts to extract an Access Token Request from
HttpServletRequest
for the
OAuth 2.0 Refresh Token Grant and then converts it to an
OAuth2RefreshTokenAuthenticationToken
used for authenticating the authorization
grant.An
AuthenticationProvider
implementation for the OAuth 2.0 Refresh Token Grant.An
Authentication
implementation used for the OAuth 2.0 Refresh Token Grant.An
OAuth2TokenGenerator
that generates an OAuth2RefreshToken
.A
ClaimAccessor
for the "claims" that may be contained in an
OAuth2TokenClaimsSet
.The names of the "claims" that may be contained in an
OAuth2TokenClaimsSet
and
are associated to an OAuth2Token
.An
OAuth2TokenContext
implementation that provides access to the
claims
of an OAuth 2.0 Token, allowing the ability to customize.A builder for
OAuth2TokenClaimsContext
.A representation of a set of claims that are associated to an
OAuth2Token
.A builder for
OAuth2TokenClaimsSet
.A context that holds information (to be) associated to an OAuth 2.0 Token and is used
by an
OAuth2TokenGenerator
and OAuth2TokenCustomizer
.OAuth2TokenContext.AbstractBuilder<T extends OAuth2TokenContext,B extends OAuth2TokenContext.AbstractBuilder<T,B>>
Base builder for implementations of
OAuth2TokenContext
.Implementations of this interface are responsible for customizing the OAuth 2.0 Token
attributes contained within the
OAuth2TokenContext
.Configurer for the OAuth 2.0 Token Endpoint.
A
Filter
for the OAuth 2.0 Token endpoint, which handles the processing of an
OAuth 2.0 Authorization Grant.A
ClaimAccessor
used for the OAuth 2.0 Token Exchange Grant to represent an
actor in a OAuth2TokenExchangeCompositeAuthenticationToken
(e.g.Attempts to extract an Access Token Request from
HttpServletRequest
for the
OAuth 2.0 Token Exchange Grant and then converts it to an
OAuth2TokenExchangeAuthenticationToken
used for authenticating the
authorization grant.An
AuthenticationProvider
implementation for the OAuth 2.0 Token Exchange
Grant.An
Authentication
implementation used for the OAuth 2.0 Token Exchange Grant.An
Authentication
implementation used for the OAuth 2.0 Token Exchange Grant to
represent the principal in a composite token (e.g.Standard data formats for OAuth 2.0 Tokens.
OAuth2TokenGenerator<T extends org.springframework.security.oauth2.core.OAuth2Token>
Implementations of this interface are responsible for generating an
OAuth2Token
using the attributes contained in the OAuth2TokenContext
.A representation of the claims returned in an OAuth 2.0 Token Introspection Response.
A builder for
OAuth2TokenIntrospection
.Attempts to extract an Introspection Request from
HttpServletRequest
and then
converts it to an OAuth2TokenIntrospectionAuthenticationToken
used for
authenticating the request.An
AuthenticationProvider
implementation for OAuth 2.0 Token Introspection.An
Authentication
implementation used for OAuth 2.0 Token Introspection.Configurer for the OAuth 2.0 Token Introspection Endpoint.
A
Filter
for the OAuth 2.0 Token Introspection endpoint.A
HttpMessageConverter
for an OAuth 2.0 Token
Introspection Response
.Attempts to extract a Revoke Token Request from
HttpServletRequest
and then
converts it to an OAuth2TokenRevocationAuthenticationToken
used for
authenticating the request.An
AuthenticationProvider
implementation for OAuth 2.0 Token Revocation.An
Authentication
implementation used for OAuth 2.0 Token Revocation.Configurer for the OAuth 2.0 Token Revocation Endpoint.
A
Filter
for the OAuth 2.0 Token Revocation endpoint.Standard token types defined in the OAuth Token Type Hints Registry.
An
AuthenticationProvider
implementation for OpenID Connect 1.0 Dynamic Client
Configuration Endpoint.A
ClaimAccessor
for the "claims" that are contained in the OpenID Client
Registration Request and Response.The names of the "claims" defined by OpenID Connect Dynamic Client Registration 1.0
that are contained in the OpenID Client Registration Request and Response.
A representation of an OpenID Client Registration Request and Response, which is sent
to and returned from the Client Registration Endpoint, and contains a set of claims
about the Client's Registration information.
Helps configure an
OidcClientRegistration
.Attempts to extract an OpenID Connect 1.0 Dynamic Client Registration (or Client Read)
Request from
HttpServletRequest
and then converts to an
OidcClientRegistrationAuthenticationToken
used for authenticating the request.An
AuthenticationProvider
implementation for OpenID Connect 1.0 Dynamic Client
Registration Endpoint.An
Authentication
implementation used for OpenID Connect 1.0 Dynamic Client
Registration (and Configuration) Endpoint.Configurer for OpenID Connect 1.0 Dynamic Client Registration Endpoint.
A
Filter
that processes OpenID Connect 1.0 Dynamic Client Registration (and
Client Read) Requests.A
HttpMessageConverter
for an OpenID Client
Registration Request and Response
.Configurer for OpenID Connect 1.0 support.
Attempts to extract an OpenID Connect 1.0 RP-Initiated Logout Request from
HttpServletRequest
and then converts to an
OidcLogoutAuthenticationToken
used for authenticating the request.An
AuthenticationProvider
implementation for OpenID Connect 1.0 RP-Initiated
Logout Endpoint.An implementation of an
AuthenticationSuccessHandler
used for handling an
OidcLogoutAuthenticationToken
and performing the OpenID Connect 1.0
RP-Initiated Logout.An
Authentication
implementation used for OpenID Connect 1.0 RP-Initiated
Logout Endpoint.Configurer for OpenID Connect 1.0 RP-Initiated Logout Endpoint.
A
Filter
that processes OpenID Connect 1.0 RP-Initiated Logout Requests.A representation of an OpenID Provider Configuration Response, which is returned from
an Issuer's Discovery Endpoint, and contains a set of claims about the OpenID
Provider's configuration.
Helps configure an
OidcProviderConfiguration
.Configurer for the OpenID Connect 1.0 Provider Configuration Endpoint.
A
Filter
that processes OpenID Provider Configuration Requests.A
HttpMessageConverter
for an OpenID Provider
Configuration Response
.A
ClaimAccessor
for the "claims" that can be returned in the OpenID Provider
Configuration Response.The names of the "claims" defined by OpenID Connect Discovery 1.0 that can be returned
in the OpenID Provider Configuration Response.
An
OAuth2AuthenticationContext
that holds an
OidcUserInfoAuthenticationToken
and additional information and is used when
mapping claims to an instance of OidcUserInfo
.A builder for
OidcUserInfoAuthenticationContext
.An
AuthenticationProvider
implementation for OpenID Connect 1.0 UserInfo
Endpoint.An
Authentication
implementation used for OpenID Connect 1.0 UserInfo Endpoint.Configurer for OpenID Connect 1.0 UserInfo Endpoint.
A
Filter
that processes OpenID Connect 1.0 UserInfo Requests.A
HttpMessageConverter
for an OpenID Connect UserInfo
Response
.Attempts to extract the parameters from
HttpServletRequest
used for
authenticating public clients using Proof Key for Code Exchange (PKCE).An
AuthenticationProvider
implementation used for OAuth 2.0 Public Client
Authentication, which authenticates the code_verifier
parameter.A representation of a client registration with an OAuth 2.0 Authorization Server.
A builder for
RegisteredClient
.A repository for OAuth 2.0
RegisteredClient
(s).Internal class used for serialization across Spring Authorization Server classes.
A facility for token configuration settings.
A builder for
TokenSettings
.Attempts to extract a client
X509Certificate
chain from
HttpServletRequest
and then converts to an
OAuth2ClientAuthenticationToken
used for authenticating the client using the
tls_client_auth
or self_signed_tls_client_auth
method.An
AuthenticationProvider
implementation used for OAuth 2.0 Client
Authentication, which authenticates the client X509Certificate
received when
the tls_client_auth
or self_signed_tls_client_auth
authentication
method is used.