Class OidcAuthorizationCodeAuthenticationProvider

java.lang.Object
org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
All Implemented Interfaces:
org.springframework.security.authentication.AuthenticationProvider

public class OidcAuthorizationCodeAuthenticationProvider extends Object implements org.springframework.security.authentication.AuthenticationProvider
An implementation of an AuthenticationProvider for the OpenID Connect Core 1.0 Authorization Code Grant Flow.

This AuthenticationProvider is responsible for authenticating an Authorization Code credential with the Authorization Server's Token Endpoint and, if valid, exchanging it for an Access Token credential.

It will also obtain the user attributes of the End-User (Resource Owner) from the UserInfo Endpoint using an OAuth2UserService, which will create a Principal in the form of an OidcUser. The OidcUser is then associated with the OAuth2LoginAuthenticationToken to complete the authentication.

Since:
5.0
  • Constructor Details

    • OidcAuthorizationCodeAuthenticationProvider

      public OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient, OAuth2UserService<OidcUserRequest,org.springframework.security.oauth2.core.oidc.user.OidcUser> userService)
      Constructs an OidcAuthorizationCodeAuthenticationProvider using the provided parameters.
      Parameters:
      accessTokenResponseClient - the client used for requesting the access token credential from the Token Endpoint
      userService - the service used for obtaining the user attributes of the End-User from the UserInfo Endpoint
  • Method Details

    • authenticate

      public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
      Specified by:
      authenticate in interface org.springframework.security.authentication.AuthenticationProvider
      Throws:
      org.springframework.security.core.AuthenticationException
    • setJwtDecoderFactory

      public final void setJwtDecoderFactory(org.springframework.security.oauth2.jwt.JwtDecoderFactory<ClientRegistration> jwtDecoderFactory)
      Sets the JwtDecoderFactory used for OidcIdToken signature verification. The factory returns a JwtDecoder associated with the provided ClientRegistration.
      Parameters:
      jwtDecoderFactory - the JwtDecoderFactory used for OidcIdToken signature verification
      Since:
      5.2
    • setAuthoritiesMapper

      public final void setAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper authoritiesMapper)
      Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be associated with the OAuth2LoginAuthenticationToken.
      Parameters:
      authoritiesMapper - the GrantedAuthoritiesMapper used for mapping the user's authorities
    • supports

      public boolean supports(Class<?> authentication)
      Specified by:
      supports in interface org.springframework.security.authentication.AuthenticationProvider