org.springframework.security.oauth2.client.oidc.authentication

Class OidcAuthorizationCodeReactiveAuthenticationManager

java.lang.Object

org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager

All Implemented Interfaces:

org.springframework.security.authentication.ReactiveAuthenticationManager

public class OidcAuthorizationCodeReactiveAuthenticationManager
extends java.lang.Object
implements org.springframework.security.authentication.ReactiveAuthenticationManager

An implementation of an AuthenticationProvider for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.

This AuthenticationProvider is responsible for authenticating an Authorization Code credential with the Authorization Server's Token Endpoint and if valid, exchanging it for an Access Token credential.

It will also obtain the user attributes of the End-User (Resource Owner) from the UserInfo Endpoint using an OAuth2UserService, which will create a Principal in the form of an OAuth2User. The OAuth2User is then associated to the OAuth2LoginAuthenticationToken to complete the authentication.

Since:

5.1

See Also:

OAuth2LoginAuthenticationToken, ReactiveOAuth2AccessTokenResponseClient, ReactiveOAuth2UserService, OAuth2User, ReactiveOidcIdTokenDecoderFactory, Section 4.1 Authorization Code Grant Flow, Section 4.1.3 Access Token Request, Section 4.1.4 Access Token Response

Constructor Summary

Constructors

Constructor and Description
OidcAuthorizationCodeReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, ReactiveOAuth2UserService<OidcUserRequest,org.springframework.security.oauth2.core.oidc.user.OidcUser> userService)

Method Summary

Modifier and Type	Method and Description
reactor.core.publisher.Mono<org.springframework.security.core.Authentication>	authenticate(org.springframework.security.core.Authentication authentication)
void	setJwtDecoderFactory(org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory) Sets the ReactiveJwtDecoderFactory used for OidcIdToken signature verification.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OidcAuthorizationCodeReactiveAuthenticationManager

public OidcAuthorizationCodeReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
                                                          ReactiveOAuth2UserService<OidcUserRequest,org.springframework.security.oauth2.core.oidc.user.OidcUser> userService)

Method Detail

authenticate

public reactor.core.publisher.Mono<org.springframework.security.core.Authentication> authenticate(org.springframework.security.core.Authentication authentication)

Specified by:

authenticate in interface org.springframework.security.authentication.ReactiveAuthenticationManager

setJwtDecoderFactory

public final void setJwtDecoderFactory(org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory)

Sets the ReactiveJwtDecoderFactory used for OidcIdToken signature verification. The factory returns a ReactiveJwtDecoder associated to the provided ClientRegistration.

Parameters:

jwtDecoderFactory - the ReactiveJwtDecoderFactory used for OidcIdToken signature verification

Since:

5.2