Package org.springframework.security.oauth2.client.web

Class DefaultOAuth2AuthorizedClientManager

java.lang.Object

org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager

All Implemented Interfaces:

OAuth2AuthorizedClientManager

public final class DefaultOAuth2AuthorizedClientManager
extends Object
implements OAuth2AuthorizedClientManager

The default implementation of an OAuth2AuthorizedClientManager for use within the context of a HttpServletRequest.

(When operating outside of the context of a HttpServletRequest, use AuthorizedClientServiceOAuth2AuthorizedClientManager instead.)

Authorized Client Persistence

This manager utilizes an OAuth2AuthorizedClientRepository to persist OAuth2AuthorizedClients.

By default, when an authorization attempt succeeds, the OAuth2AuthorizedClient will be saved in the OAuth2AuthorizedClientRepository. This functionality can be changed by configuring a custom OAuth2AuthorizationSuccessHandler via setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler).

By default, when an authorization attempt fails due to an "invalid_grant" error, the previously saved OAuth2AuthorizedClient will be removed from the OAuth2AuthorizedClientRepository. (The "invalid_grant" error can occur when a refresh token that is no longer valid is used to retrieve a new access token.) This functionality can be changed by configuring a custom OAuth2AuthorizationFailureHandler via setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler).

Since:

5.2

See Also:

• OAuth2AuthorizedClientManager
• OAuth2AuthorizedClientProvider
• OAuth2AuthorizationSuccessHandler
• OAuth2AuthorizationFailureHandler

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper	The default implementation of the contextAttributesMapper.

Constructor Summary

Constructors

Constructor	Description
DefaultOAuth2AuthorizedClientManager(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository)	Constructs a DefaultOAuth2AuthorizedClientManager using the provided parameters.

Method Summary

Modifier and Type	Method	Description
OAuth2AuthorizedClient	authorize(OAuth2AuthorizeRequest authorizeRequest)	Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId.
void	setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler)	Sets the OAuth2AuthorizationFailureHandler that handles authorization failures.
void	setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler authorizationSuccessHandler)	Sets the OAuth2AuthorizationSuccessHandler that handles successful authorizations.
void	setAuthorizedClientProvider(OAuth2AuthorizedClientProvider authorizedClientProvider)	Sets the OAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.
void	setContextAttributesMapper(Function<OAuth2AuthorizeRequest,Map<String,Object>> contextAttributesMapper)	Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DefaultOAuth2AuthorizedClientManager

public DefaultOAuth2AuthorizedClientManager(ClientRegistrationRepository clientRegistrationRepository,
 OAuth2AuthorizedClientRepository authorizedClientRepository)

Constructs a DefaultOAuth2AuthorizedClientManager using the provided parameters.

Parameters:

clientRegistrationRepository - the repository of client registrations

authorizedClientRepository - the repository of authorized clients

Method Details

authorize

@Nullable
public OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest authorizeRequest)

Description copied from interface: OAuth2AuthorizedClientManager

Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId. Implementations must return null if authorization is not supported for the specified client, e.g. the associated OAuth2AuthorizedClientProvider(s) does not support the authorization grant type configured for the client.

In the case of re-authorization, implementations must return the provided authorized client if re-authorization is not supported for the client OR is not required, e.g. a refresh token is not available OR the access token is not expired.

Specified by:

authorize in interface OAuth2AuthorizedClientManager

Parameters:

authorizeRequest - the authorize request

Returns:

the OAuth2AuthorizedClient or null if authorization is not supported for the specified client

setAuthorizedClientProvider

public void setAuthorizedClientProvider(OAuth2AuthorizedClientProvider authorizedClientProvider)

Sets the OAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.

Parameters:

authorizedClientProvider - the OAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client

setContextAttributesMapper

public void setContextAttributesMapper(Function<OAuth2AuthorizeRequest,Map<String,Object>> contextAttributesMapper)

Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.

Parameters:

contextAttributesMapper - the Function used for supplying the Map of attributes to the authorization context

setAuthorizationSuccessHandler

public void setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler authorizationSuccessHandler)

Sets the OAuth2AuthorizationSuccessHandler that handles successful authorizations.

The default saves OAuth2AuthorizedClients in the OAuth2AuthorizedClientRepository.

Parameters:

authorizationSuccessHandler - the OAuth2AuthorizationSuccessHandler that handles successful authorizations

Since:

5.3

setAuthorizationFailureHandler

public void setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler authorizationFailureHandler)

Sets the OAuth2AuthorizationFailureHandler that handles authorization failures.

A RemoveAuthorizedClientOAuth2AuthorizationFailureHandler is used by default.

Parameters:

authorizationFailureHandler - the OAuth2AuthorizationFailureHandler that handles authorization failures

Since:

5.3

See Also:

• RemoveAuthorizedClientOAuth2AuthorizationFailureHandler