Package org.springframework.security.oauth2.client

Class AuthorizedClientServiceOAuth2AuthorizedClientManager

java.lang.Object

org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager

All Implemented Interfaces:

OAuth2AuthorizedClientManager

public final class AuthorizedClientServiceOAuth2AuthorizedClientManager
extends Object
implements OAuth2AuthorizedClientManager

An implementation of an OAuth2AuthorizedClientManager that is capable of operating outside of the context of a HttpServletRequest, e.g. in a scheduled/background thread and/or in the service-tier.

(When operating within the context of a HttpServletRequest, use DefaultOAuth2AuthorizedClientManager instead.)

Authorized Client Persistence

This manager utilizes an OAuth2AuthorizedClientService to persist OAuth2AuthorizedClients.

By default, when an authorization attempt succeeds, the OAuth2AuthorizedClient will be saved in the OAuth2AuthorizedClientService. This functionality can be changed by configuring a custom OAuth2AuthorizationSuccessHandler via setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler).

By default, when an authorization attempt fails due to an "invalid_grant" error, the previously saved OAuth2AuthorizedClient will be removed from the OAuth2AuthorizedClientService. (The "invalid_grant" error can occur when a refresh token that is no longer valid is used to retrieve a new access token.) This functionality can be changed by configuring a custom OAuth2AuthorizationFailureHandler via setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler).

Since:

5.2

See Also:

• OAuth2AuthorizedClientManager
• OAuth2AuthorizedClientProvider
• OAuth2AuthorizedClientService
• OAuth2AuthorizationSuccessHandler
• OAuth2AuthorizationFailureHandler

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper	The default implementation of the contextAttributesMapper.

Constructor Summary

Constructors

Constructor	Description
AuthorizedClientServiceOAuth2AuthorizedClientManager(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService authorizedClientService)	Constructs an AuthorizedClientServiceOAuth2AuthorizedClientManager using the provided parameters.

Method Summary

Modifier and Type	Method	Description
OAuth2AuthorizedClient	authorize(OAuth2AuthorizeRequest authorizeRequest)	Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId.
void	setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler)	Sets the OAuth2AuthorizationFailureHandler that handles authorization failures.
void	setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler authorizationSuccessHandler)	Sets the OAuth2AuthorizationSuccessHandler that handles successful authorizations.
void	setAuthorizedClientProvider(OAuth2AuthorizedClientProvider authorizedClientProvider)	Sets the OAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.
void	setContextAttributesMapper(Function<OAuth2AuthorizeRequest,Map<String,Object>> contextAttributesMapper)	Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthorizedClientServiceOAuth2AuthorizedClientManager

public AuthorizedClientServiceOAuth2AuthorizedClientManager(ClientRegistrationRepository clientRegistrationRepository,
 OAuth2AuthorizedClientService authorizedClientService)

Constructs an AuthorizedClientServiceOAuth2AuthorizedClientManager using the provided parameters.

Parameters:

clientRegistrationRepository - the repository of client registrations

authorizedClientService - the authorized client service

Method Details

authorize

@Nullable
public OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest authorizeRequest)

Description copied from interface: OAuth2AuthorizedClientManager

Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId. Implementations must return null if authorization is not supported for the specified client, e.g. the associated OAuth2AuthorizedClientProvider(s) does not support the authorization grant type configured for the client.

In the case of re-authorization, implementations must return the provided authorized client if re-authorization is not supported for the client OR is not required, e.g. a refresh token is not available OR the access token is not expired.

Specified by:

authorize in interface OAuth2AuthorizedClientManager

Parameters:

authorizeRequest - the authorize request

Returns:

the OAuth2AuthorizedClient or null if authorization is not supported for the specified client

setAuthorizedClientProvider

public void setAuthorizedClientProvider(OAuth2AuthorizedClientProvider authorizedClientProvider)

Sets the OAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.

Parameters:

authorizedClientProvider - the OAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client

setContextAttributesMapper

public void setContextAttributesMapper(Function<OAuth2AuthorizeRequest,Map<String,Object>> contextAttributesMapper)

Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.

Parameters:

contextAttributesMapper - the Function used for supplying the Map of attributes to the authorization context

setAuthorizationSuccessHandler

public void setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler authorizationSuccessHandler)

Sets the OAuth2AuthorizationSuccessHandler that handles successful authorizations.

The default saves OAuth2AuthorizedClients in the OAuth2AuthorizedClientService.

Parameters:

authorizationSuccessHandler - the OAuth2AuthorizationSuccessHandler that handles successful authorizations

Since:

5.3

setAuthorizationFailureHandler

public void setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler)

Sets the OAuth2AuthorizationFailureHandler that handles authorization failures.

A RemoveAuthorizedClientOAuth2AuthorizationFailureHandler is used by default.

Parameters:

authorizationFailureHandler - the OAuth2AuthorizationFailureHandler that handles authorization failures

Since:

5.3

See Also:

• RemoveAuthorizedClientOAuth2AuthorizationFailureHandler