Class DefaultAuthorizationCodeServices

java.lang.Object
org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices
com.broadleafcommerce.auth.security.service.DefaultAuthorizationCodeServices
All Implemented Interfaces:
org.springframework.security.oauth2.provider.code.AuthorizationCodeServices

public class DefaultAuthorizationCodeServices extends org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices
Implementation of AuthorizationCodeServices that handles our AuthCode domain better than the Spring-provided JdbcAuthorizationCodeServices. It also enables the Proof Key for Code Exchange (PKCE) enhancement to the Authorization Code Flow.
Author:
Nick Crum (ncrum)
  • Field Details

  • Constructor Details

    • DefaultAuthorizationCodeServices

      public DefaultAuthorizationCodeServices(AuthCodeRepository authCodeRepository, com.broadleafcommerce.common.extension.TypeFactory typeFactory)
  • Method Details

    • consumeAuthorizationCode

      @Nullable public org.springframework.security.oauth2.provider.OAuth2Authentication consumeAuthorizationCode(String authorizationCode, @Nullable String codeVerifier)
      Added to support the PKCE flow where a code_verifier param is also supplied.
      Parameters:
      authorizationCode - The auth code
      codeVerifier - The code verifier
      Returns:
      The authentications associated with the code.
      Throws:
      org.springframework.security.oauth2.common.exceptions.InvalidGrantException - if the authorization code or code_verifier is invalid.
      org.springframework.security.oauth2.common.exceptions.InvalidRequestException - if the code_verifier is missing and AuthorizationServerProperties.isPkceEnabled() is true.
    • store

      protected void store(String code, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
      Specified by:
      store in class org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices
    • remove

      @Nullable protected org.springframework.security.oauth2.provider.OAuth2Authentication remove(String code)
      Specified by:
      remove in class org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices
    • validateCodeChallenge

      protected void validateCodeChallenge(org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
      Validates authorization requests when AuthorizationServerProperties.isPkceEnabled() is true. This ensures that the code_challenge param is present and that the code_challenge_method is supported.
      Parameters:
      authentication - The OAuth authentication including the original request params.
      Throws:
      org.springframework.security.oauth2.common.exceptions.InvalidRequestException - if code_challenge is missing or code_challenge_method is unsupported.
    • isCodeChallengeMethodSupported

      protected boolean isCodeChallengeMethodSupported(String codeChallengeMethod)
    • validateCodeVerifier

      protected void validateCodeVerifier(String codeVerifier, AuthCode authCode)
    • createCodeChallengeFromVerifier

      protected String createCodeChallengeFromVerifier(String codeVerifier)
    • getAuthCodeRepository

      protected AuthCodeRepository getAuthCodeRepository()
    • getTypeFactory

      protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()
    • setAuthorizationServerProperties

      @Autowired public void setAuthorizationServerProperties(AuthorizationServerProperties authorizationServerProperties)
    • getAuthorizationServerProperties

      protected AuthorizationServerProperties getAuthorizationServerProperties()