Class RefreshTokenReactiveOAuth2AuthorizedClientProvider
java.lang.Object
org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
- All Implemented Interfaces:
ReactiveOAuth2AuthorizedClientProvider
public final class RefreshTokenReactiveOAuth2AuthorizedClientProvider
extends Object
implements ReactiveOAuth2AuthorizedClientProvider
An implementation of a
ReactiveOAuth2AuthorizedClientProvider for the
refresh_token grant.- Since:
- 5.2
- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionreactor.core.publisher.Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) Attempt to re-authorize theclientin the providedcontext.voidsetAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) Sets the client used when requesting an access token credential at the Token Endpoint for therefresh_tokengrant.voidsetAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler) Sets aReactiveOAuth2AuthorizationSuccessHandlerto use for handling successful refresh token response.voidSets theClockused inInstant.now(Clock)when checking the access token expiry.voidsetClockSkew(Duration clockSkew) Sets the maximum acceptable clock skew, which is used when checking theaccess tokenexpiry.
-
Constructor Details
-
RefreshTokenReactiveOAuth2AuthorizedClientProvider
public RefreshTokenReactiveOAuth2AuthorizedClientProvider()
-
-
Method Details
-
authorize
public reactor.core.publisher.Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) Attempt to re-authorize theclientin the providedcontext. Returns an emptyMonoif re-authorization is not supported, e.g. the client is not authorized OR therefresh tokenis not available for the authorized client OR theaccess tokenis not expired.The following
context attributesare supported:"org.springframework.security.oauth2.client.REQUEST_SCOPE"(optional) - aString[]of scope(s) to be requested by theclient
- Specified by:
authorizein interfaceReactiveOAuth2AuthorizedClientProvider- Parameters:
context- the context that holds authorization-specific state for the client- Returns:
- the
OAuth2AuthorizedClientor an emptyMonoif re-authorization is not supported
-
setAccessTokenResponseClient
public void setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> accessTokenResponseClient) Sets the client used when requesting an access token credential at the Token Endpoint for therefresh_tokengrant.- Parameters:
accessTokenResponseClient- the client used when requesting an access token credential at the Token Endpoint for therefresh_tokengrant
-
setAuthorizationSuccessHandler
public void setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler) Sets aReactiveOAuth2AuthorizationSuccessHandlerto use for handling successful refresh token response. Defaults toRefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler, whenspring-security-oauth2-joseis available on the classpath.- Parameters:
authorizationSuccessHandler- theReactiveOAuth2AuthorizationSuccessHandlerto use- Since:
- 7.1
-
setClockSkew
Sets the maximum acceptable clock skew, which is used when checking theaccess tokenexpiry. The default is 60 seconds.An access token is considered expired if
OAuth2AccessToken#getExpiresAt() - clockSkewis before the current timeclock#instant().- Parameters:
clockSkew- the maximum acceptable clock skew
-
setClock
Sets theClockused inInstant.now(Clock)when checking the access token expiry.- Parameters:
clock- the clock
-