Class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler
java.lang.Object
org.springframework.security.oauth2.client.RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler
- All Implemented Interfaces:
ReactiveOAuth2AuthorizationSuccessHandler
public final class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler
extends Object
implements ReactiveOAuth2AuthorizationSuccessHandler
A
ReactiveOAuth2AuthorizationSuccessHandler that refreshes an OidcUser
in the SecurityContext if the refreshed OidcIdToken is valid according
to OpenID
Connect Core 1.0 - Section 12.2 Successful Refresh Response- Since:
- 7.1
- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionreactor.core.publisher.Mono<Void> onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal, Map<String, Object> attributes) Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the authorization server.voidsetAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) Sets aGrantedAuthoritiesMapperto use for mappingGrantedAuthoritys, defaults to no-op implementation.voidsetClockSkew(Duration clockSkew) Sets the maximum acceptable clock skew, which is used when checking theAbstractOAuth2Token.getIssuedAt()to match the existingOidcUser.getIdToken()'s issuedAt time, defaults to 60 seconds.voidsetJwtDecoderFactory(ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory) Sets aReactiveJwtDecoderFactoryto use for decoding refreshed oidc id-token, defaults toReactiveOidcIdTokenDecoderFactory.voidsetServerSecurityContextRepository(ServerSecurityContextRepository serverSecurityContextRepository) Sets aServerSecurityContextRepositoryto use for refreshing aSecurityContext, defaults toWebSessionServerSecurityContextRepository.voidsetUserService(ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService) Sets aReactiveOAuth2UserServiceto use for loading anOidcUserfrom refreshed oidc id-token, defaults toOidcReactiveOAuth2UserService.
-
Constructor Details
-
RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler
public RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler()
-
-
Method Details
-
onAuthorizationSuccess
public reactor.core.publisher.Mono<Void> onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, Authentication principal, Map<String, Object> attributes) Description copied from interface:ReactiveOAuth2AuthorizationSuccessHandlerCalled when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the authorization server.- Specified by:
onAuthorizationSuccessin interfaceReactiveOAuth2AuthorizationSuccessHandler- Parameters:
authorizedClient- the client that was successfully authorizedprincipal- thePrincipalassociated with the authorized clientattributes- an immutableMapof extra optional attributes present under certain conditions. For example, this might contain aServerWebExchangeif the authorization was performed within the context of aServerWebExchange.- Returns:
- an empty
Monothat completes after this handler has finished handling the event.
-
setServerSecurityContextRepository
public void setServerSecurityContextRepository(ServerSecurityContextRepository serverSecurityContextRepository) Sets aServerSecurityContextRepositoryto use for refreshing aSecurityContext, defaults toWebSessionServerSecurityContextRepository.- Parameters:
serverSecurityContextRepository- theServerSecurityContextRepositoryto use
-
setJwtDecoderFactory
Sets aReactiveJwtDecoderFactoryto use for decoding refreshed oidc id-token, defaults toReactiveOidcIdTokenDecoderFactory.- Parameters:
jwtDecoderFactory- theReactiveJwtDecoderFactoryto use
-
setUserService
Sets aReactiveOAuth2UserServiceto use for loading anOidcUserfrom refreshed oidc id-token, defaults toOidcReactiveOAuth2UserService.- Parameters:
userService- theReactiveOAuth2UserServiceto use
-
setAuthoritiesMapper
Sets aGrantedAuthoritiesMapperto use for mappingGrantedAuthoritys, defaults to no-op implementation.- Parameters:
authoritiesMapper- theGrantedAuthoritiesMapperto use
-
setClockSkew
Sets the maximum acceptable clock skew, which is used when checking theAbstractOAuth2Token.getIssuedAt()to match the existingOidcUser.getIdToken()'s issuedAt time, defaults to 60 seconds.- Parameters:
clockSkew- the maximum acceptable clock skew to use
-