Class OidcAuthorizationCodeAuthenticationProvider
- java.lang.Object
  - org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
- All Implemented Interfaces: AuthenticationProvider

public class OidcAuthorizationCodeAuthenticationProvider extends java.lang.Object implements AuthenticationProvider

An implementation of an AuthenticationProvider for the OpenID Connect Core 1.0 Authorization Code Grant Flow.

This AuthenticationProvider is responsible for authenticating an Authorization Code credential with the Authorization Server's Token Endpoint and if valid, exchanging it for an Access Token credential.

It will also obtain the user attributes of the End-User (Resource Owner) from the UserInfo Endpoint using an OAuth2UserService, which will create a Principal in the form of an OidcUser. The OidcUser is then associated to the OAuth2LoginAuthenticationToken to complete the authentication.
Constructor Summary
Constructors (Constructor, Description):
- OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OidcUserRequest,OidcUser> userService)
  Constructs an OidcAuthorizationCodeAuthenticationProvider using the provided parameters.
Method Summary
Methods (Modifier and Type, Method, Description):
- Authentication authenticate(Authentication authentication)
  Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
- void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
  Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.
- void setJwtDecoderFactory(JwtDecoderFactory<ClientRegistration> jwtDecoderFactory)
  Sets the JwtDecoderFactory used for OidcIdToken signature verification.
- boolean supports(java.lang.Class<?> authentication)
  Returns true if this AuthenticationProvider supports the indicated Authentication object.
Constructor Detail

OidcAuthorizationCodeAuthenticationProvider
public OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OidcUserRequest,OidcUser> userService)
Constructs an OidcAuthorizationCodeAuthenticationProvider using the provided parameters.
- Parameters:
  accessTokenResponseClient - the client used for requesting the access token credential from the Token Endpoint
  userService - the service used for obtaining the user attributes of the End-User from the UserInfo Endpoint
Method Detail

authenticate
public Authentication authenticate(Authentication authentication) throws AuthenticationException
Description copied from interface: AuthenticationProvider
Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
- Specified by: authenticate in interface AuthenticationProvider
- Parameters:
  authentication - the authentication request object.
- Returns: a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
- Throws:
  AuthenticationException - if authentication fails.

setJwtDecoderFactory
public final void setJwtDecoderFactory(JwtDecoderFactory<ClientRegistration> jwtDecoderFactory)
Sets the JwtDecoderFactory used for OidcIdToken signature verification. The factory returns a JwtDecoder associated to the provided ClientRegistration.
- Parameters:
  jwtDecoderFactory - the JwtDecoderFactory used for OidcIdToken signature verification
- Since: 5.2

setAuthoritiesMapper
public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.
- Parameters:
  authoritiesMapper - the GrantedAuthoritiesMapper used for mapping the user's authorities
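
Added example, not part of the Spring Security documentation: one way to build the provider using the two setters documented above, with the ID Token signature algorithm set explicitly through OidcIdTokenDecoderFactory and an authorities mapper that grants roles only for allowlisted groups. The class name OidcProviderSetup, the "groups" claim and the group and role names are assumptions constructed for illustration; Map.of assumes Java 9 or later.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider;
import org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;

public final class OidcProviderSetup {
    // Constructed sample values: ID Token "groups" entries mapped to application roles.
    private static final String GROUPS_CLAIM = "groups";
    private static final Map<String, String> ROLE_BY_GROUP =
            Map.of("app-admins", "ROLE_ADMIN", "app-users", "ROLE_USER");

    public static OidcAuthorizationCodeAuthenticationProvider build(
            OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenClient) {
        OidcAuthorizationCodeAuthenticationProvider provider =
                new OidcAuthorizationCodeAuthenticationProvider(tokenClient, new OidcUserService());
        // State the accepted ID Token signature algorithm explicitly for every registration.
        OidcIdTokenDecoderFactory decoderFactory = new OidcIdTokenDecoderFactory();
        decoderFactory.setJwsAlgorithmResolver(registration -> SignatureAlgorithm.RS256);
        provider.setJwtDecoderFactory(decoderFactory);
        provider.setAuthoritiesMapper(OidcProviderSetup::mapAuthorities);
        return provider;
    }

    // Deny by default: only allowlisted groups from the verified ID Token become roles.
    static Collection<GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> granted) {
        Collection<GrantedAuthority> mapped = new HashSet<>();
        for (GrantedAuthority authority : granted) {
            List<String> groups = authority instanceof OidcUserAuthority
                    ? ((OidcUserAuthority) authority).getIdToken().getClaimAsStringList(GROUPS_CLAIM)
                    : null; // SCOPE_* and other provider-supplied authorities contribute nothing
            if (groups == null) {
                continue; // claim absent: no roles granted
            }
            groups.stream().filter(g -> g != null && ROLE_BY_GROUP.containsKey(g))
                    .forEach(g -> mapped.add(new SimpleGrantedAuthority(ROLE_BY_GROUP.get(g))));
        }
        return mapped;
    }
}
```

Because the mapper returns a fresh set, a user whose ID Token carries no allowlisted group ends up authenticated with no authorities at all, so access rules must not treat "authenticated" as equivalent to "authorized".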

supports
public boolean supports(java.lang.Class<?> authentication)
Description copied from interface: AuthenticationProvider
Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime by the ProviderManager.
- Specified by: supports in interface AuthenticationProvider
- Returns: true if the implementation can more closely evaluate the Authentication class presented