org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider

All Implemented Interfaces:: AuthenticationProvider

public class OidcAuthorizationCodeAuthenticationProvider extends Object implements AuthenticationProvider

An implementation of an AuthenticationProvider for the OpenID Connect Core 1.0 Authorization Code Grant Flow.

This AuthenticationProvider is responsible for authenticating an Authorization Code credential with the Authorization Server's Token Endpoint and if valid, exchanging it for an Access Token credential.

It will also obtain the user attributes of the End-User (Resource Owner) from the UserInfo Endpoint using an OAuth2UserService, which will create a Principal in the form of an OidcUser. The OidcUser is then associated to the OAuth2LoginAuthenticationToken to complete the authentication.

Since:

5.0

See Also:

Constructor Summary

Constructors

Constructor

Description

OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OidcUserRequest,OidcUser> userService)

Constructs an OidcAuthorizationCodeAuthenticationProvider using the provided parameters.
Method Summary

Modifier and Type

Method

Description

Authentication

authenticate(Authentication authentication)

Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication) .

final void

setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)

Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities()} to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.

final void

setJwtDecoderFactory(JwtDecoderFactory<ClientRegistration> jwtDecoderFactory)

Sets the JwtDecoderFactory used for OidcIdToken signature verification.

boolean

supports(Class<?> authentication)

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- OidcAuthorizationCodeAuthenticationProvider
  
  public OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OidcUserRequest,OidcUser> userService)
  
  Constructs an OidcAuthorizationCodeAuthenticationProvider using the provided parameters.
  
  Parameters:
  
  accessTokenResponseClient - the client used for requesting the access token credential from the Token Endpoint
  
  userService - the service used for obtaining the user attributes of the End-User from the UserInfo Endpoint
Method Details
- authenticate
  
  public Authentication authenticate(Authentication authentication) throws AuthenticationException
  
  Description copied from interface: AuthenticationProvider
  
  Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication) .
  
  Specified by:
  
  authenticate in interface AuthenticationProvider
  
  Parameters:
  
  authentication - the authentication request object.
  
  Returns:
  
  a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
  
  Throws:
  
  AuthenticationException - if authentication fails.
- setJwtDecoderFactory
  
  public final void setJwtDecoderFactory(JwtDecoderFactory<ClientRegistration> jwtDecoderFactory)
  
  Sets the JwtDecoderFactory used for OidcIdToken signature verification. The factory returns a JwtDecoder associated to the provided ClientRegistration.
  
  Parameters:
  
  jwtDecoderFactory - the JwtDecoderFactory used for OidcIdToken signature verification
  
  Since:
  
  5.2
- setAuthoritiesMapper
  
  public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
  
  Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities()} to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.
  
  Parameters:
  
  authoritiesMapper - the GrantedAuthoritiesMapper used for mapping the user's authorities
- supports
  
  public boolean supports(Class<?> authentication)
  
  Description copied from interface: AuthenticationProvider
  
  Returns true if this AuthenticationProvider supports the indicated Authentication object.
  Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.
  
  Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.
  
  Specified by:
  
  supports in interface AuthenticationProvider
  
  Returns:
  
  true if the implementation can more closely evaluate the Authentication class presented

Class OidcAuthorizationCodeAuthenticationProvider

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

OidcAuthorizationCodeAuthenticationProvider

Method Details

authenticate

setJwtDecoderFactory

setAuthoritiesMapper

supports