Class OidcAuthorizationCodeAuthenticationProvider
- All Implemented Interfaces: AuthenticationProvider

An AuthenticationProvider for the OpenID Connect Core 1.0 Authorization Code Grant Flow.

This AuthenticationProvider is responsible for authenticating an Authorization Code credential with the Authorization Server's Token Endpoint and, if valid, exchanging it for an Access Token credential.

It will also obtain the user attributes of the End-User (Resource Owner) from the UserInfo Endpoint using an OAuth2UserService, which will create a Principal in the form of an OidcUser. The OidcUser is then associated to the OAuth2LoginAuthenticationToken to complete the authentication.

Constructor Summary
- OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OidcUserRequest, OidcUser> userService)
  Constructs an OidcAuthorizationCodeAuthenticationProvider using the provided parameters.

Method Summary
- authenticate(Authentication authentication)
  Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
- final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
  Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.
- final void setJwtDecoderFactory(JwtDecoderFactory<ClientRegistration> jwtDecoderFactory)
  Sets the JwtDecoderFactory used for OidcIdToken signature verification.
- boolean supports
  Returns true if this AuthenticationProvider supports the indicated Authentication object.

Constructor Details

OidcAuthorizationCodeAuthenticationProvider
public OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OidcUserRequest, OidcUser> userService)
Constructs an OidcAuthorizationCodeAuthenticationProvider using the provided parameters.
- Parameters:
  accessTokenResponseClient - the client used for requesting the access token credential from the Token Endpoint
  userService - the service used for obtaining the user attributes of the End-User from the UserInfo Endpoint

Method Details

authenticate
Description copied from interface: AuthenticationProvider
Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
- Specified by: authenticate in interface AuthenticationProvider
- Parameters:
  authentication - the authentication request object.
- Returns: a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
- Throws: AuthenticationException - if authentication fails.

setJwtDecoderFactory
Sets the JwtDecoderFactory used for OidcIdToken signature verification. The factory returns a JwtDecoder associated to the provided ClientRegistration.
- Parameters:
  jwtDecoderFactory - the JwtDecoderFactory used for OidcIdToken signature verification
- Since: 5.2

setAuthoritiesMapper
Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.
- Parameters:
  authoritiesMapper - the GrantedAuthoritiesMapper used for mapping the user's authorities

supports
Description copied from interface: AuthenticationProvider
Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime by the ProviderManager.
- Specified by: supports in interface AuthenticationProvider
- Returns: true if the implementation can more closely evaluate the Authentication class presented
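
The following added example (not part of the Spring Security documentation or code base) wires the constructor, setJwtDecoderFactory and setAuthoritiesMapper together: it states the expected ID Token signing algorithm explicitly through Spring Security's OidcIdTokenDecoderFactory and maps only allow-listed groups from the verified ID Token to roles. The class name OidcProviderFactory, the "groups" claim and the group-to-role table are assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider;
import org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;

// Hypothetical helper class, not part of Spring Security.
public final class OidcProviderFactory {
    // Assumed claim name and group-to-role allow-list; adjust to your identity provider.
    private static final String GROUPS_CLAIM = "groups";
    private static final Map<String, String> GROUP_TO_ROLE =
            Map.of("idp-admins", "ROLE_ADMIN", "idp-staff", "ROLE_USER");

    public static OidcAuthorizationCodeAuthenticationProvider create(
            OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenClient) {
        OidcAuthorizationCodeAuthenticationProvider provider =
                new OidcAuthorizationCodeAuthenticationProvider(tokenClient, new OidcUserService());
        // The expected JWS algorithm comes from client-side configuration,
        // never from the "alg" header of the received ID Token.
        OidcIdTokenDecoderFactory decoderFactory = new OidcIdTokenDecoderFactory();
        decoderFactory.setJwsAlgorithmResolver(registration -> SignatureAlgorithm.RS256);
        provider.setJwtDecoderFactory(decoderFactory);
        provider.setAuthoritiesMapper(allowListedGroupMapper());
        return provider;
    }

    // Deny by default: only allow-listed groups become roles; all other authorities are dropped.
    static GrantedAuthoritiesMapper allowListedGroupMapper() {
        return authorities -> authorities.stream()
                .filter(OidcUserAuthority.class::isInstance)
                .map(a -> ((OidcUserAuthority) a).getIdToken().getClaimAsStringList(GROUPS_CLAIM))
                .filter(Objects::nonNull)      // ID Token carries no groups claim
                .flatMap(List::stream)
                .filter(Objects::nonNull)      // Map.of() rejects null keys
                .map(GROUP_TO_ROLE::get)
                .filter(Objects::nonNull)      // group is not on the allow-list
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toSet());
    }
}
```

The caller supplies the OAuth2AccessTokenResponseClient, so the example does not depend on a particular token client implementation.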