public final class PasswordOAuth2AuthorizedClientProvider extends java.lang.Object implements OAuth2AuthorizedClientProvider
OAuth2AuthorizedClientProvider
for the
password
grant.OAuth2AuthorizedClientProvider
,
DefaultPasswordTokenResponseClient
Constructor and Description |
---|
PasswordOAuth2AuthorizedClientProvider() |
Modifier and Type | Method and Description |
---|---|
OAuth2AuthorizedClient |
authorize(OAuth2AuthorizationContext context)
Attempt to authorize (or re-authorize) the
client in the provided
context . |
void |
setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient)
Sets the client used when requesting an access token credential at the Token
Endpoint for the
password grant. |
void |
setClock(java.time.Clock clock)
Sets the
Clock used in Instant.now(Clock) when checking the access
token expiry. |
void |
setClockSkew(java.time.Duration clockSkew)
Sets the maximum acceptable clock skew, which is used when checking the
access token expiry. |
public PasswordOAuth2AuthorizedClientProvider()
@Nullable public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context)
client
in the provided
context
. Returns null
if authorization (or re-authorization) is not
supported, e.g. the client's authorization grant type
is not password
OR the username
and/or
password
attributes are
not available in the provided context
OR the
access token
is not expired.
The following context attributes
are supported:
OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME
(required) - a
String
value for the resource owner's usernameOAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME
(required) - a
String
value for the resource owner's passwordauthorize
in interface OAuth2AuthorizedClientProvider
context
- the context that holds authorization-specific state for the clientOAuth2AuthorizedClient
or null
if authorization (or
re-authorization) is not supportedpublic void setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient)
password
grant.accessTokenResponseClient
- the client used when requesting an access token
credential at the Token Endpoint for the password
grantpublic void setClockSkew(java.time.Duration clockSkew)
access token
expiry. The default is
60 seconds.
An access token is considered expired if
OAuth2AccessToken#getExpiresAt() - clockSkew
is before the current time
clock#instant()
.
clockSkew
- the maximum acceptable clock skewpublic void setClock(java.time.Clock clock)
Clock
used in Instant.now(Clock)
when checking the access
token expiry.clock
- the clock