Package org.springframework.security.oauth2.client.oidc.userinfo

Class OidcReactiveOAuth2UserService

java.lang.Object
org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
All Implemented Interfaces:
ReactiveOAuth2UserService<OidcUserRequest,OidcUser>
public class OidcReactiveOAuth2UserService extends Object implements ReactiveOAuth2UserService<OidcUserRequest,OidcUser>
An implementation of an ReactiveOAuth2UserService that supports OpenID Connect 1.0 Provider's.
Since:
5.1
See Also:

  • Constructor Details

    • OidcReactiveOAuth2UserService

      public OidcReactiveOAuth2UserService()

  • Method Details

    • createDefaultClaimTypeConverters

      public static Map<String,org.springframework.core.convert.converter.Converter<Object,?>> createDefaultClaimTypeConverters()
      Returns the default Converter's used for type conversion of claim values for an OidcUserInfo.
      Returns:
      a Map of Converter's keyed by claim name
      Since:
      5.2

    • loadUser

      public reactor.core.publisher.Mono<OidcUser> loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException
      Description copied from interface: ReactiveOAuth2UserService
      Returns an OAuth2User after obtaining the user attributes of the End-User from the UserInfo Endpoint.
      Specified by:
      loadUser in interface ReactiveOAuth2UserService<OidcUserRequest,OidcUser>
      Parameters:
      userRequest - the user request
      Returns:
      an OAuth2User
      Throws:
      OAuth2AuthenticationException - if an error occurs while attempting to obtain the user attributes from the UserInfo Endpoint

    • setOauth2UserService

      public void setOauth2UserService(ReactiveOAuth2UserService<OAuth2UserRequest,OAuth2User> oauth2UserService)

    • setClaimTypeConverterFactory

      public final void setClaimTypeConverterFactory(Function<ClientRegistration,org.springframework.core.convert.converter.Converter<Map<String,Object>,Map<String,Object>>> claimTypeConverterFactory)
      Sets the factory that provides a Converter used for type conversion of claim values for an OidcUserInfo. The default is ClaimTypeConverter for all clients.
      Parameters:
      claimTypeConverterFactory - the factory that provides a Converter used for type conversion of claim values for a specific client
      Since:
      5.2

    • setRetrieveUserInfo

      public final void setRetrieveUserInfo(Predicate<OidcUserRequest> retrieveUserInfo)
      Sets the Predicate used to determine if the UserInfo Endpoint should be called to retrieve information about the End-User (Resource Owner).

      By default, the UserInfo Endpoint is called if all of the following are true:

      Parameters:
      retrieveUserInfo - the function used to determine if the UserInfo Endpoint should be called
      Since:
      6.3

    • setOidcUserMapper

      public final void setOidcUserMapper(BiFunction<OidcUserRequest,OidcUserInfo,reactor.core.publisher.Mono<OidcUser>> oidcUserMapper)
      Sets the BiFunction used to map the user from the user request and user info.

      This is useful when you need to map the user or authorities from the access token itself. For example, when the authorization server provides authorization information in the access token payload you can do the following: 

              @Bean
        public OidcReactiveOAuth2UserService oidcUserService() {
                var userService = new OidcReactiveOAuth2UserService();
                userService.setOidcUserMapper(oidcUserMapper());
                return userService;
        }

        private static BiFunction<OidcUserRequest, OidcUserInfo, Mono<OidcUser>> oidcUserMapper() {
                return (userRequest, userInfo) -> {
                        var accessToken = userRequest.getAccessToken();
                        var grantedAuthorities = new HashSet<GrantedAuthority>();
                        // TODO: Map authorities from the access token
                        var userNameAttributeName = "preferred_username";
                        return Mono.just(new DefaultOidcUser(
                                grantedAuthorities,
                                userRequest.getIdToken(),
                                userInfo,
                                userNameAttributeName
                        ));
                };
        }

      Note that you can access the userNameAttributeName via the ClientRegistration as follows: 

              var userNameAttributeName = userRequest.getClientRegistration()
                .getProviderDetails()
                .getUserInfoEndpoint()
                .getUserNameAttributeName();

      By default, a DefaultOidcUser is created with authorities mapped as follows:

      Parameters:
      oidcUserMapper - the function used to map the OidcUser from the OidcUserRequest and OidcUserInfo
      Since:
      6.3