Class DefaultAuthorizationCodeServices
java.lang.Object
org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices
com.broadleafcommerce.auth.security.service.DefaultAuthorizationCodeServices
- All Implemented Interfaces:
org.springframework.security.oauth2.provider.code.AuthorizationCodeServices
public class DefaultAuthorizationCodeServices
extends org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices
Implementation of AuthorizationCodeServices that better handles our AuthCode domain compared to the Spring provided JdbcAuthorizationCodeServices. This also handles enabling the Proof-Key-for-Code-Exchange enhancement to the Authorization Code Flow. Read more here.
- Author:
- Nick Crum (ncrum)
-
Field Summary
-
Constructor Summary
Constructor / Description
DefaultAuthorizationCodeServices(AuthCodeRepository authCodeRepository, com.broadleafcommerce.common.extension.TypeFactory typeFactory)
-
Method Summary
Modifier and Type / Method / Description
- org.springframework.security.oauth2.provider.OAuth2Authentication consumeAuthorizationCode(String authorizationCode, String codeVerifier): Added to support the PKCE flow where a code_verifier param is also supplied.
- protected String createCodeChallengeFromVerifier(String codeVerifier)
- protected AuthCodeRepository getAuthCodeRepository()
- protected AuthorizationServerProperties getAuthorizationServerProperties()
- protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()
- protected boolean isCodeChallengeMethodSupported(String codeChallengeMethod)
- protected org.springframework.security.oauth2.provider.OAuth2Authentication remove(String code)
- void setAuthorizationServerProperties(AuthorizationServerProperties authorizationServerProperties)
- protected void store(String code, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
- protected void validateCodeChallenge(org.springframework.security.oauth2.provider.OAuth2Authentication authentication): Validates authorization requests when AuthorizationServerProperties.isPkceEnabled() is true.
- protected void validateCodeVerifier(String codeVerifier, AuthCode authCode)
Methods inherited from class org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices
consumeAuthorizationCode, createAuthorizationCode
-
Field Details
-
CODE_CHALLENGE
- See Also:
-
CODE_CHALLENGE_METHOD
- See Also:
-
-
Constructor Details
-
DefaultAuthorizationCodeServices
public DefaultAuthorizationCodeServices(AuthCodeRepository authCodeRepository, com.broadleafcommerce.common.extension.TypeFactory typeFactory)
-
-
Method Details
-
consumeAuthorizationCode
@Nullable public org.springframework.security.oauth2.provider.OAuth2Authentication consumeAuthorizationCode(String authorizationCode, @Nullable String codeVerifier)
Added to support the PKCE flow where a code_verifier param is also supplied.
- Parameters:
authorizationCode - The auth code
codeVerifier - The code verifier
- Returns:
- The authentications associated with the code.
- Throws:
org.springframework.security.oauth2.common.exceptions.InvalidGrantException - if the authorization code or code_verifier are invalid.
org.springframework.security.oauth2.common.exceptions.InvalidRequestException - if the code_verifier is missing and AuthorizationServerProperties.isPkceEnabled() is true.
-
store
protected void store(String code, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
- Specified by:
store in class org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices
-
remove
@Nullable protected org.springframework.security.oauth2.provider.OAuth2Authentication remove(String code)
- Specified by:
remove in class org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices
-
validateCodeChallenge
protected void validateCodeChallenge(org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
Validates authorization requests when AuthorizationServerProperties.isPkceEnabled() is true. This ensures that the code_challenge param is present and that the code_challenge_method is supported.
- Parameters:
authentication - The OAuth authentication including the original request params.
- Throws:
org.springframework.security.oauth2.common.exceptions.InvalidRequestException - if code_challenge is missing or code_challenge_method is unsupported.
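The PKCE check that consumeAuthorizationCode and validateCodeChallenge describe can be sketched with the S256 transform from RFC 7636. This is an added example, not Broadleaf's implementation: the class PkceCheckExample, its method names and its S256-only policy are assumptions, since this page does not state which code_challenge_method values the class accepts.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Set;
import java.util.regex.Pattern;

// Added example; PkceCheckExample and its methods are hypothetical names,
// not Broadleaf code.
public class PkceCheckExample {
    // Policy assumed for this example only: accept S256, reject everything else.
    private static final Set<String> SUPPORTED_METHODS = Set.of("S256");
    // RFC 7636 section 4.1: 43-128 characters from the unreserved set.
    private static final Pattern VERIFIER = Pattern.compile("[A-Za-z0-9\\-._~]{43,128}");

    static boolean isSupported(String method) {
        return method != null && SUPPORTED_METHODS.contains(method);
    }

    // S256: BASE64URL(SHA-256(ASCII(code_verifier))) without '=' padding.
    static String challengeFromVerifier(String verifier) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }

    // Token-request check: the verifier must hash to the challenge stored with the code.
    static boolean verifierMatches(String verifier, String storedChallenge, String method)
            throws NoSuchAlgorithmException {
        if (verifier == null || storedChallenge == null || !isSupported(method)
                || !VERIFIER.matcher(verifier).matches()) {
            return false;
        }
        byte[] expected = storedChallenge.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = challengeFromVerifier(verifier).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Test vector from RFC 7636, Appendix B.
        String verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String challenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        System.out.println(verifierMatches(verifier, challenge, "S256"));        // matching verifier
        System.out.println(verifierMatches(verifier + "x", challenge, "S256"));  // wrong verifier
        System.out.println(verifierMatches(verifier, challenge, "plain"));       // method rejected by this policy
    }
}
```

In a real authorization server the failed cases would surface as the InvalidGrantException and InvalidRequestException conditions listed above rather than a boolean.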
-
isCodeChallengeMethodSupported
-
validateCodeVerifier
-
createCodeChallengeFromVerifier
-
getAuthCodeRepository
-
getTypeFactory
protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()
-
setAuthorizationServerProperties
@Autowired public void setAuthorizationServerProperties(AuthorizationServerProperties authorizationServerProperties)
-
getAuthorizationServerProperties
-