Class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler

java.lang.Object

org.springframework.security.oauth2.client.RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler

All Implemented Interfaces:

ReactiveOAuth2AuthorizationSuccessHandler

public final class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler
extends Object
implements ReactiveOAuth2AuthorizationSuccessHandler

A ReactiveOAuth2AuthorizationSuccessHandler that refreshes an OidcUser in the SecurityContext if the refreshed OidcIdToken is valid according to OpenID Connect Core 1.0 - Section 12.2 Successful Refresh Response

Since:

7.1

See Also:

• RefreshTokenReactiveOAuth2AuthorizedClientProvider

Constructor Summary

Constructors

Constructor	Description
RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler()

Method Summary

Modifier and Type	Method	Description
reactor.core.publisher.Mono<Void>	onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal, Map<String,Object> attributes)	Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the authorization server.
void	setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)	Sets a GrantedAuthoritiesMapper to use for mapping GrantedAuthoritys, defaults to no-op implementation.
void	setClockSkew(Duration clockSkew)	Sets the maximum acceptable clock skew, which is used when checking the AbstractOAuth2Token.getIssuedAt() to match the existing OidcUser.getIdToken()'s issuedAt time, defaults to 60 seconds.
void	setJwtDecoderFactory(ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory)	Sets a ReactiveJwtDecoderFactory to use for decoding refreshed oidc id-token, defaults to ReactiveOidcIdTokenDecoderFactory.
void	setServerSecurityContextRepository(ServerSecurityContextRepository serverSecurityContextRepository)	Sets a ServerSecurityContextRepository to use for refreshing a SecurityContext, defaults to WebSessionServerSecurityContextRepository.
void	setUserService(ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService)	Sets a ReactiveOAuth2UserService to use for loading an OidcUser from refreshed oidc id-token, defaults to OidcReactiveOAuth2UserService.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler

public RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler()

Method Details

onAuthorizationSuccess

public reactor.core.publisher.Mono<Void> onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient,
 Authentication principal,
 Map<String,Object> attributes)

Description copied from interface: ReactiveOAuth2AuthorizationSuccessHandler

Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the authorization server.

Specified by:

onAuthorizationSuccess in interface ReactiveOAuth2AuthorizationSuccessHandler

Parameters:

authorizedClient - the client that was successfully authorized

principal - the Principal associated with the authorized client

attributes - an immutable Map of extra optional attributes present under certain conditions. For example, this might contain a ServerWebExchange if the authorization was performed within the context of a ServerWebExchange.

Returns:

an empty Mono that completes after this handler has finished handling the event.

setServerSecurityContextRepository

public void setServerSecurityContextRepository(ServerSecurityContextRepository serverSecurityContextRepository)

Sets a ServerSecurityContextRepository to use for refreshing a SecurityContext, defaults to WebSessionServerSecurityContextRepository.

Parameters:

serverSecurityContextRepository - the ServerSecurityContextRepository to use

setJwtDecoderFactory

public void setJwtDecoderFactory(ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory)

Sets a ReactiveJwtDecoderFactory to use for decoding refreshed oidc id-token, defaults to ReactiveOidcIdTokenDecoderFactory.

Parameters:

jwtDecoderFactory - the ReactiveJwtDecoderFactory to use

setUserService

public void setUserService(ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService)

Sets a ReactiveOAuth2UserService to use for loading an OidcUser from refreshed oidc id-token, defaults to OidcReactiveOAuth2UserService.

Parameters:

userService - the ReactiveOAuth2UserService to use

setAuthoritiesMapper

public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)

Sets a GrantedAuthoritiesMapper to use for mapping GrantedAuthoritys, defaults to no-op implementation.

Parameters:

authoritiesMapper - the GrantedAuthoritiesMapper to use

setClockSkew

public void setClockSkew(Duration clockSkew)

Sets the maximum acceptable clock skew, which is used when checking the AbstractOAuth2Token.getIssuedAt() to match the existing OidcUser.getIdToken()'s issuedAt time, defaults to 60 seconds.

Parameters:

clockSkew - the maximum acceptable clock skew to use