Class JwtBearerReactiveOAuth2AuthorizedClientProvider
- java.lang.Object
-
- org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
-
- All Implemented Interfaces:
ReactiveOAuth2AuthorizedClientProvider
public final class JwtBearerReactiveOAuth2AuthorizedClientProvider extends java.lang.Object implements ReactiveOAuth2AuthorizedClientProvider
An implementation of anReactiveOAuth2AuthorizedClientProvider
for thejwt-bearer
grant.- Since:
- 5.6
- See Also:
ReactiveOAuth2AuthorizedClientProvider
,WebClientReactiveJwtBearerTokenResponseClient
-
-
Constructor Summary
Constructors Constructor Description JwtBearerReactiveOAuth2AuthorizedClientProvider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description reactor.core.publisher.Mono<OAuth2AuthorizedClient>
authorize(OAuth2AuthorizationContext context)
Attempt to authorize (or re-authorize) theclient
in the providedcontext
.void
setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<JwtBearerGrantRequest> accessTokenResponseClient)
Sets the client used when requesting an access token credential at the Token Endpoint for thejwt-bearer
grant.void
setClock(java.time.Clock clock)
Sets theClock
used inInstant.now(Clock)
when checking the access token expiry.void
setClockSkew(java.time.Duration clockSkew)
Sets the maximum acceptable clock skew, which is used when checking theaccess token
expiry.void
setJwtAssertionResolver(java.util.function.Function<OAuth2AuthorizationContext,reactor.core.publisher.Mono<Jwt>> jwtAssertionResolver)
Sets the resolver used for resolving theJwt
assertion.
-
-
-
Method Detail
-
authorize
public reactor.core.publisher.Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context)
Attempt to authorize (or re-authorize) theclient
in the providedcontext
. Returns an emptyMono
if authorization (or re-authorization) is not supported, e.g. the client'sauthorization grant type
is notjwt-bearer
OR theaccess token
is not expired.- Specified by:
authorize
in interfaceReactiveOAuth2AuthorizedClientProvider
- Parameters:
context
- the context that holds authorization-specific state for the client- Returns:
- the
OAuth2AuthorizedClient
or an emptyMono
if authorization is not supported
-
setAccessTokenResponseClient
public void setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<JwtBearerGrantRequest> accessTokenResponseClient)
Sets the client used when requesting an access token credential at the Token Endpoint for thejwt-bearer
grant.- Parameters:
accessTokenResponseClient
- the client used when requesting an access token credential at the Token Endpoint for thejwt-bearer
grant
-
setJwtAssertionResolver
public void setJwtAssertionResolver(java.util.function.Function<OAuth2AuthorizationContext,reactor.core.publisher.Mono<Jwt>> jwtAssertionResolver)
Sets the resolver used for resolving theJwt
assertion.- Parameters:
jwtAssertionResolver
- the resolver used for resolving theJwt
assertion- Since:
- 5.7
-
setClockSkew
public void setClockSkew(java.time.Duration clockSkew)
Sets the maximum acceptable clock skew, which is used when checking theaccess token
expiry. The default is 60 seconds.An access token is considered expired if
OAuth2AccessToken#getExpiresAt() - clockSkew
is before the current timeclock#instant()
.- Parameters:
clockSkew
- the maximum acceptable clock skew
-
setClock
public void setClock(java.time.Clock clock)
Sets theClock
used inInstant.now(Clock)
when checking the access token expiry.- Parameters:
clock
- the clock
-
-