org.springframework.security.oauth2.client

Class PasswordReactiveOAuth2AuthorizedClientProvider

java.lang.Object

org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider

All Implemented Interfaces:

ReactiveOAuth2AuthorizedClientProvider

public final class PasswordReactiveOAuth2AuthorizedClientProvider
extends java.lang.Object
implements ReactiveOAuth2AuthorizedClientProvider

An implementation of a ReactiveOAuth2AuthorizedClientProvider for the password grant.

Since:

5.2

See Also:

ReactiveOAuth2AuthorizedClientProvider, WebClientReactivePasswordTokenResponseClient

Constructor Summary

Constructors

Constructor and Description
PasswordReactiveOAuth2AuthorizedClientProvider()

Method Summary

Modifier and Type	Method and Description
reactor.core.publisher.Mono<OAuth2AuthorizedClient>	authorize(OAuth2AuthorizationContext context) Attempt to authorize (or re-authorize) the client in the provided context.
void	setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient) Sets the client used when requesting an access token credential at the Token Endpoint for the password grant.
void	setClock(java.time.Clock clock) Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
void	setClockSkew(java.time.Duration clockSkew) Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PasswordReactiveOAuth2AuthorizedClientProvider

public PasswordReactiveOAuth2AuthorizedClientProvider()

Method Detail

authorize

public reactor.core.publisher.Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context)

Attempt to authorize (or re-authorize) the client in the provided context. Returns an empty Mono if authorization (or re-authorization) is not supported, e.g. the client's authorization grant type is not password OR the username and/or password attributes are not available in the provided context OR the access token is not expired.

The following context attributes are supported:

1. OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME (required) - a String value for the resource owner's username
2. OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME (required) - a String value for the resource owner's password

Specified by:

authorize in interface ReactiveOAuth2AuthorizedClientProvider

Parameters:

context - the context that holds authorization-specific state for the client

Returns:

the OAuth2AuthorizedClient or an empty Mono if authorization (or re-authorization) is not supported

setAccessTokenResponseClient

public void setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient)

Sets the client used when requesting an access token credential at the Token Endpoint for the password grant.

Parameters:

accessTokenResponseClient - the client used when requesting an access token credential at the Token Endpoint for the password grant

setClockSkew

public void setClockSkew(java.time.Duration clockSkew)

Sets the maximum acceptable clock skew, which is used when checking the access token expiry. The default is 60 seconds.

An access token is considered expired if OAuth2AccessToken#getExpiresAt() - clockSkew is before the current time clock#instant().

Parameters:

clockSkew - the maximum acceptable clock skew

setClock

public void setClock(java.time.Clock clock)

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

Parameters:

clock - the clock