Class OpaqueTokenAuthenticationProvider

All Implemented Interfaces:

public final class OpaqueTokenAuthenticationProvider extends Object implements AuthenticationProvider
An AuthenticationProvider implementation for opaque Bearer Tokens, using an OAuth 2.0 Introspection Endpoint to check the token's validity and reveal its attributes.

This AuthenticationProvider is responsible for introspecting and verifying an opaque access token, returning its attributes set as part of the Authentication statement.

Scopes are translated into GrantedAuthoritys according to the following algorithm:

  1. If there is a "scope" attribute, then convert to a Collection of Strings.
  2. Take the resulting Collection and prepend the "SCOPE_" keyword to each element, adding as GrantedAuthoritys.

An OpaqueTokenIntrospector is responsible for retrieving token attributes from an authorization server.

An OpaqueTokenAuthenticationConverter is responsible for turning a successful introspection result into an Authentication instance (which may include mapping GrantedAuthoritys from token attributes or retrieving from another source).

See Also:
  • Constructor Details

    • OpaqueTokenAuthenticationProvider

      public OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector introspector)
      Creates a OpaqueTokenAuthenticationProvider with the provided parameters
      introspector - The OpaqueTokenIntrospector to use
  • Method Details