Class OAuth2AuthenticationToken

java.lang.Object
org.springframework.security.authentication.AbstractAuthenticationToken
org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
All Implemented Interfaces:
Serializable, Principal, Authentication, CredentialsContainer

public class OAuth2AuthenticationToken extends AbstractAuthenticationToken
An implementation of an AbstractAuthenticationToken that represents an OAuth 2.0 Authentication.

The Authentication associates an OAuth2User Principal to the identifier of the Authorized Client, which the End-User (Principal) granted authorization to so that it can access its protected resources at the UserInfo Endpoint.

Since:
5.0
See Also:
  • Constructor Details

    • OAuth2AuthenticationToken

      public OAuth2AuthenticationToken(OAuth2User principal, Collection<? extends GrantedAuthority> authorities, String authorizedClientRegistrationId)
      Constructs an OAuth2AuthenticationToken using the provided parameters.
      Parameters:
      principal - the user Principal registered with the OAuth 2.0 Provider
      authorities - the authorities granted to the user
      authorizedClientRegistrationId - the registration identifier of the Authorized Client
    • OAuth2AuthenticationToken

      protected OAuth2AuthenticationToken(OAuth2AuthenticationToken.Builder<?> builder)
  • Method Details

    • getPrincipal

      public OAuth2User getPrincipal()
      Description copied from interface: Authentication
      The identity of the principal being authenticated. In the case of an authentication request with username and password, this would be the username. Callers are expected to populate the principal for an authentication request.

      The AuthenticationManager implementation will often return an Authentication containing richer information as the principal for use by the application. Many of the authentication providers will create a UserDetails object as the principal.

      Returns:
      the Principal being authenticated or the authenticated principal after authentication.
    • getCredentials

      public Object getCredentials()
      Description copied from interface: Authentication
      The credentials that prove the principal is correct. This is usually a password, but could be anything relevant to the AuthenticationManager. Callers are expected to populate the credentials.
      Returns:
      the credentials that prove the identity of the Principal
    • getAuthorizedClientRegistrationId

      public String getAuthorizedClientRegistrationId()
      Returns the registration identifier of the Authorized Client.
      Returns:
      the registration identifier of the Authorized Client.
    • toBuilder

      public OAuth2AuthenticationToken.Builder<?> toBuilder()
      Description copied from interface: Authentication
      Return an Authentication.Builder based on this instance. By default, returns a builder that builds a SimpleAuthentication.

      Although a default method, all Authentication implementations should implement this. The reason is to ensure that the Authentication type is preserved when Authentication.Builder.build() is invoked. This is especially important in the event that your authentication implementation contains custom fields.

      This isn't strictly necessary since it is recommended that applications code to the Authentication interface and that custom information is often contained in the Authentication.getPrincipal() value.

      Returns:
      an Authentication.Builder for building a new Authentication based on this instance