Class RefreshTokenOAuth2AuthorizedClientProvider
- java.lang.Object
-
- org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
-
- All Implemented Interfaces:
OAuth2AuthorizedClientProvider
public final class RefreshTokenOAuth2AuthorizedClientProvider extends java.lang.Object implements OAuth2AuthorizedClientProvider
An implementation of anOAuth2AuthorizedClientProvider
for therefresh_token
grant.- Since:
- 5.2
- See Also:
OAuth2AuthorizedClientProvider
,DefaultRefreshTokenTokenResponseClient
-
-
Constructor Summary
Constructors Constructor Description RefreshTokenOAuth2AuthorizedClientProvider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description OAuth2AuthorizedClient
authorize(OAuth2AuthorizationContext context)
Attempt to re-authorize theclient
in the providedcontext
.void
setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient)
Sets the client used when requesting an access token credential at the Token Endpoint for therefresh_token
grant.void
setClock(java.time.Clock clock)
Sets theClock
used inInstant.now(Clock)
when checking the access token expiry.void
setClockSkew(java.time.Duration clockSkew)
Sets the maximum acceptable clock skew, which is used when checking theaccess token
expiry.
-
-
-
Method Detail
-
authorize
@Nullable public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context)
Attempt to re-authorize theclient
in the providedcontext
. Returnsnull
if re-authorization is not supported, e.g. the client is not authorized OR therefresh token
is not available for the authorized client OR theaccess token
is not expired.The following
context attributes
are supported:OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME
(optional) - aString[]
of scope(s) to be requested by theclient
- Specified by:
authorize
in interfaceOAuth2AuthorizedClientProvider
- Parameters:
context
- the context that holds authorization-specific state for the client- Returns:
- the
OAuth2AuthorizedClient
ornull
if re-authorization is not supported
-
setAccessTokenResponseClient
public void setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient)
Sets the client used when requesting an access token credential at the Token Endpoint for therefresh_token
grant.- Parameters:
accessTokenResponseClient
- the client used when requesting an access token credential at the Token Endpoint for therefresh_token
grant
-
setClockSkew
public void setClockSkew(java.time.Duration clockSkew)
Sets the maximum acceptable clock skew, which is used when checking theaccess token
expiry. The default is 60 seconds.An access token is considered expired if
OAuth2AccessToken#getExpiresAt() - clockSkew
is before the current timeclock#instant()
.- Parameters:
clockSkew
- the maximum acceptable clock skew
-
setClock
public void setClock(java.time.Clock clock)
Sets theClock
used inInstant.now(Clock)
when checking the access token expiry.- Parameters:
clock
- the clock
-
-