Class RefreshTokenOAuth2AuthorizedClientProvider

java.lang.Object
org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
All Implemented Interfaces:
OAuth2AuthorizedClientProvider

public final class RefreshTokenOAuth2AuthorizedClientProvider extends Object implements OAuth2AuthorizedClientProvider
An implementation of an OAuth2AuthorizedClientProvider for the refresh_token grant.
Since:
5.2
See Also:
  • Constructor Details

    • RefreshTokenOAuth2AuthorizedClientProvider

      public RefreshTokenOAuth2AuthorizedClientProvider()
  • Method Details

    • authorize

      @Nullable public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext context)
      Attempt to re-authorize the client in the provided context. Returns null if re-authorization is not supported, e.g. the client is not authorized OR the refresh token is not available for the authorized client OR the access token is not expired.

      The following context attributes are supported:

      1. OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME (optional) - a String[] of scope(s) to be requested by the client
      Specified by:
      authorize in interface OAuth2AuthorizedClientProvider
      Parameters:
      context - the context that holds authorization-specific state for the client
      Returns:
      the OAuth2AuthorizedClient or null if re-authorization is not supported
    • setAccessTokenResponseClient

      public void setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient)
      Sets the client used when requesting an access token credential at the Token Endpoint for the refresh_token grant.
      Parameters:
      accessTokenResponseClient - the client used when requesting an access token credential at the Token Endpoint for the refresh_token grant
    • setClockSkew

      public void setClockSkew(Duration clockSkew)
      Sets the maximum acceptable clock skew, which is used when checking the access token expiry. The default is 60 seconds.

      An access token is considered expired if OAuth2AccessToken#getExpiresAt() - clockSkew is before the current time clock#instant().

      Parameters:
      clockSkew - the maximum acceptable clock skew
    • setClock

      public void setClock(Clock clock)
      Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
      Parameters:
      clock - the clock