Package org.springframework.security.oauth2.server.resource.introspection

Class SpringOpaqueTokenIntrospector

java.lang.Object

org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector

All Implemented Interfaces:

OpaqueTokenIntrospector

public class SpringOpaqueTokenIntrospector
extends Object
implements OpaqueTokenIntrospector

A Spring implementation of OpaqueTokenIntrospector that verifies and introspects a token using the configured OAuth 2.0 Introspection Endpoint.

Since:

5.6

Constructor Summary

Constructors

Constructor	Description
SpringOpaqueTokenIntrospector(String introspectionUri, String clientId, String clientSecret)	Creates a OpaqueTokenAuthenticationProvider with the provided parameters
SpringOpaqueTokenIntrospector(String introspectionUri, org.springframework.web.client.RestOperations restOperations)	Creates a OpaqueTokenAuthenticationProvider with the provided parameters The given RestOperations should perform its own client authentication against the introspection endpoint.

Method Summary

Modifier and Type	Method	Description
org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal	introspect(String token)	Introspect and verify the given token, returning its attributes.
void	setRequestEntityConverter(org.springframework.core.convert.converter.Converter<String,org.springframework.http.RequestEntity<?>> requestEntityConverter)	Sets the Converter used for converting the OAuth 2.0 access token to a RequestEntity representation of the OAuth 2.0 token introspection request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SpringOpaqueTokenIntrospector

public SpringOpaqueTokenIntrospector(String introspectionUri,
 String clientId,
 String clientSecret)

Creates a OpaqueTokenAuthenticationProvider with the provided parameters

Parameters:

introspectionUri - The introspection endpoint uri

clientId - The client id authorized to introspect

clientSecret - The client's secret

SpringOpaqueTokenIntrospector

public SpringOpaqueTokenIntrospector(String introspectionUri,
 org.springframework.web.client.RestOperations restOperations)

Creates a OpaqueTokenAuthenticationProvider with the provided parameters The given RestOperations should perform its own client authentication against the introspection endpoint.

Parameters:

introspectionUri - The introspection endpoint uri

restOperations - The client for performing the introspection request

Method Details

introspect

public org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal introspect(String token)

Description copied from interface: OpaqueTokenIntrospector

Introspect and verify the given token, returning its attributes. Returning a Map is indicative that the token is valid.

Specified by:

introspect in interface OpaqueTokenIntrospector

Parameters:

token - the token to introspect

Returns:

the token's attributes

setRequestEntityConverter

public void setRequestEntityConverter(org.springframework.core.convert.converter.Converter<String,org.springframework.http.RequestEntity<?>> requestEntityConverter)

Sets the Converter used for converting the OAuth 2.0 access token to a RequestEntity representation of the OAuth 2.0 token introspection request.

Parameters:

requestEntityConverter - the Converter used for converting to a RequestEntity representation of the token introspection request