Class PasswordReactiveOAuth2AuthorizedClientProvider

java.lang.Object
org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
All Implemented Interfaces:
ReactiveOAuth2AuthorizedClientProvider

@Deprecated(since="5.8", forRemoval=true) public final class PasswordReactiveOAuth2AuthorizedClientProvider extends Object implements ReactiveOAuth2AuthorizedClientProvider
Deprecated, for removal: This API element is subject to removal in a future version.
The OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See the OAuth 2.0 Security Best Current Practice.
An implementation of a ReactiveOAuth2AuthorizedClientProvider for the password grant.
Since:
5.2
  • Constructor Details

    • PasswordReactiveOAuth2AuthorizedClientProvider

      public PasswordReactiveOAuth2AuthorizedClientProvider()
      Deprecated, for removal: This API element is subject to removal in a future version.
  • Method Details

    • authorize

      public reactor.core.publisher.Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Attempts to authorize (or re-authorize) the client in the provided context. Returns an empty Mono if authorization (or re-authorization) is not supported, e.g. the client's authorization grant type is not password, the username and/or password attributes are not available in the provided context, or the access token is not expired.

      The following context attributes are supported:

      1. OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME (required) - a String value for the resource owner's username
      2. OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME (required) - a String value for the resource owner's password
      Specified by:
      authorize in interface ReactiveOAuth2AuthorizedClientProvider
      Parameters:
      context - the context that holds authorization-specific state for the client
      Returns:
      the OAuth2AuthorizedClient or an empty Mono if authorization (or re-authorization) is not supported
    • setAccessTokenResponseClient

      public void setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Sets the client used when requesting an access token credential at the Token Endpoint for the password grant.
      Parameters:
      accessTokenResponseClient - the client used when requesting an access token credential at the Token Endpoint for the password grant
    • setClockSkew

      public void setClockSkew(Duration clockSkew)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Sets the maximum acceptable clock skew, which is used when checking the access token expiry. The default is 60 seconds.

      An access token is considered expired if OAuth2AccessToken#getExpiresAt() - clockSkew is before the current time clock#instant().

      Parameters:
      clockSkew - the maximum acceptable clock skew
    • setClock

      public void setClock(Clock clock)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
      Parameters:
      clock - the clock
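
The conditions documented for authorize and the expiry rule documented for setClockSkew and setClock, as an added stand-alone model using only java.time (not Spring Security's own code). The class and method names, the null-for-no-token convention and all sample values are assumptions made for illustration.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;

public class PasswordGrantDecisionDemo {

    // Expiry rule as documented for setClockSkew: the token counts as expired
    // when (expiresAt - clockSkew) is before clock.instant().
    static boolean hasTokenExpired(Instant expiresAt, Duration clockSkew, Clock clock) {
        return expiresAt.minus(clockSkew).isBefore(clock.instant());
    }

    // Models only the conditions listed for authorize(): true means a token
    // request would be sent, false corresponds to the empty Mono.
    // expiresAt == null stands for "no access token held yet" (assumption).
    static boolean wouldRequestToken(String grantType, String username, String password,
                                     Instant expiresAt, Duration clockSkew, Clock clock) {
        if (!"password".equals(grantType)) {
            return false; // grant type is not password
        }
        // Treating null or blank as "not available" is an assumption of this model.
        if (username == null || username.isBlank() || password == null || password.isBlank()) {
            return false;
        }
        return expiresAt == null || hasTokenExpired(expiresAt, clockSkew, clock);
    }

    public static void main(String[] args) {
        // Constructed sample values: a fixed clock and a token expiring 45 s later.
        Clock clock = Clock.fixed(Instant.parse("2024-01-01T12:00:00Z"), ZoneOffset.UTC);
        Instant expiresAt = clock.instant().plusSeconds(45);
        Duration defaultSkew = Duration.ofSeconds(60);

        // Default 60 s skew: 45 s of remaining lifetime already counts as expired.
        System.out.println(wouldRequestToken("password", "alice", "s3cret", expiresAt, defaultSkew, clock));
        // Zero skew: the same token is still valid, so nothing is requested.
        System.out.println(wouldRequestToken("password", "alice", "s3cret", expiresAt, Duration.ZERO, clock));
        // Token counts as expired, but the password attribute is missing.
        System.out.println(wouldRequestToken("password", "alice", null, expiresAt, defaultSkew, clock));
        // Grant type other than password.
        System.out.println(wouldRequestToken("client_credentials", "alice", "s3cret", expiresAt, defaultSkew, clock));
        // A skew longer than the remaining lifetime triggers a request on every call.
        System.out.println(wouldRequestToken("password", "alice", "s3cret",
                clock.instant().plusSeconds(300), Duration.ofMinutes(10), clock));
    }
}
```

Because the password attribute is required whenever a request is made, a clock skew set close to or above the token lifetime means the resource owner's password is resent to the Token Endpoint on nearly every call.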