Class TokenExchangeOAuth2AuthorizedClientProvider
java.lang.Object
org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
- All Implemented Interfaces:
OAuth2AuthorizedClientProvider
public final class TokenExchangeOAuth2AuthorizedClientProvider
extends Object
implements OAuth2AuthorizedClientProvider
An implementation of an
OAuth2AuthorizedClientProvider
for the
token-exchange
grant.- Since:
- 6.3
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionauthorize
(OAuth2AuthorizationContext context) Attempt to authorize (or re-authorize) theclient
in the providedcontext
.void
setAccessTokenResponseClient
(OAuth2AccessTokenResponseClient<TokenExchangeGrantRequest> accessTokenResponseClient) Sets the client used when requesting an access token credential at the Token Endpoint for thetoken-exchange
grant.void
setActorTokenResolver
(Function<OAuth2AuthorizationContext, OAuth2Token> actorTokenResolver) Sets the resolver used for resolving theactor token
.void
Sets theClock
used inInstant.now(Clock)
when checking the access token expiry.void
setClockSkew
(Duration clockSkew) Sets the maximum acceptable clock skew, which is used when checking theaccess token
expiry.void
setSubjectTokenResolver
(Function<OAuth2AuthorizationContext, OAuth2Token> subjectTokenResolver) Sets the resolver used for resolving thesubject token
.
-
Constructor Details
-
TokenExchangeOAuth2AuthorizedClientProvider
public TokenExchangeOAuth2AuthorizedClientProvider()
-
-
Method Details
-
authorize
Attempt to authorize (or re-authorize) theclient
in the providedcontext
. Returnsnull
if authorization (or re-authorization) is not supported, e.g. the client'sauthorization grant type
is nottoken-exchange
OR theaccess token
is not expired.- Specified by:
authorize
in interfaceOAuth2AuthorizedClientProvider
- Parameters:
context
- the context that holds authorization-specific state for the client- Returns:
- the
OAuth2AuthorizedClient
ornull
if authorization is not supported
-
setAccessTokenResponseClient
public void setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<TokenExchangeGrantRequest> accessTokenResponseClient) Sets the client used when requesting an access token credential at the Token Endpoint for thetoken-exchange
grant.- Parameters:
accessTokenResponseClient
- the client used when requesting an access token credential at the Token Endpoint for thetoken-exchange
grant
-
setSubjectTokenResolver
public void setSubjectTokenResolver(Function<OAuth2AuthorizationContext, OAuth2Token> subjectTokenResolver) Sets the resolver used for resolving thesubject token
.- Parameters:
subjectTokenResolver
- the resolver used for resolving thesubject token
-
setActorTokenResolver
public void setActorTokenResolver(Function<OAuth2AuthorizationContext, OAuth2Token> actorTokenResolver) Sets the resolver used for resolving theactor token
.- Parameters:
actorTokenResolver
- the resolver used for resolving theactor token
-
setClockSkew
Sets the maximum acceptable clock skew, which is used when checking theaccess token
expiry. The default is 60 seconds.An access token is considered expired if
OAuth2AccessToken#getExpiresAt() - clockSkew
is before the current timeclock#instant()
.- Parameters:
clockSkew
- the maximum acceptable clock skew
-
setClock
Sets theClock
used inInstant.now(Clock)
when checking the access token expiry.- Parameters:
clock
- the clock
-