public class OidcAuthorizationCodeAuthenticationProvider
extends java.lang.Object
implements org.springframework.security.authentication.AuthenticationProvider
AuthenticationProvider
for the OpenID Connect Core 1.0 Authorization Code Grant Flow.
This AuthenticationProvider is responsible for authenticating
an Authorization Code credential with the Authorization Server's Token Endpoint
and if valid, exchanging it for an Access Token credential.
It will also obtain the user attributes of the End-User (Resource Owner)
from the UserInfo Endpoint using an OAuth2UserService,
which will create a Principal in the form of an OidcUser.
The OidcUser is then associated to the OAuth2LoginAuthenticationToken
to complete the authentication.
| Constructor and Description |
|---|
OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
OAuth2UserService<OidcUserRequest,org.springframework.security.oauth2.core.oidc.user.OidcUser> userService)
Constructs an
OidcAuthorizationCodeAuthenticationProvider using the provided parameters. |
| Modifier and Type | Method and Description |
|---|---|
org.springframework.security.core.Authentication |
authenticate(org.springframework.security.core.Authentication authentication) |
void |
setAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper authoritiesMapper)
Sets the
GrantedAuthoritiesMapper used for mapping OAuth2User.getAuthorities()}
to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken. |
boolean |
supports(java.lang.Class<?> authentication) |
public OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OidcUserRequest,org.springframework.security.oauth2.core.oidc.user.OidcUser> userService)
OidcAuthorizationCodeAuthenticationProvider using the provided parameters.accessTokenResponseClient - the client used for requesting the access token credential from the Token EndpointuserService - the service used for obtaining the user attributes of the End-User from the UserInfo Endpointpublic org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication)
throws org.springframework.security.core.AuthenticationException
authenticate in interface org.springframework.security.authentication.AuthenticationProviderorg.springframework.security.core.AuthenticationExceptionpublic final void setAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper authoritiesMapper)
GrantedAuthoritiesMapper used for mapping OAuth2User.getAuthorities()}
to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.authoritiesMapper - the GrantedAuthoritiesMapper used for mapping the user's authoritiespublic boolean supports(java.lang.Class<?> authentication)
supports in interface org.springframework.security.authentication.AuthenticationProvider