Class RegisteredClaimsTokenEnhancer
java.lang.Object
com.broadleafcommerce.auth.user.session.token.enhancer.RegisteredClaimsTokenEnhancer
- All Implemented Interfaces:
org.springframework.security.oauth2.provider.token.TokenEnhancer
public class RegisteredClaimsTokenEnhancer
extends Object
implements org.springframework.security.oauth2.provider.token.TokenEnhancer
Token enhancer that adds several
registered JWT claims, such as
issuer and audience, as well as a non-standard "max" claim that determines the maximum lifetime
of a token.
The max claim differs from "exp" in that it determines the maximum lifetime of a session. The default is 720 minutes (12 hours), but this may be configured via the property broadleaf.auth.session.maxDurationMinutes
- Author:
- Samarth Dhruva (samarthd)
-
Constructor Summary
ConstructorDescriptionRegisteredClaimsTokenEnhancer
(String issuer, List<String> audiences) RegisteredClaimsTokenEnhancer
(String issuer, List<String> audiences, int maxSessionDurationMinutes) -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.security.oauth2.common.OAuth2AccessToken
enhance
(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication) Places various claims into the additional information of the access token, including the issuer, audience, and max lifetime.protected String
protected Duration
-
Constructor Details
-
RegisteredClaimsTokenEnhancer
-
RegisteredClaimsTokenEnhancer
-
-
Method Details
-
enhance
public org.springframework.security.oauth2.common.OAuth2AccessToken enhance(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication) Places various claims into the additional information of the access token, including the issuer, audience, and max lifetime.Do note that
"oauth2-resource"
is placed into the audience claim, asOAuth2AuthenticationManager.authenticate(Authentication)
explicitly checks for its presence as aresourceId
when processing requests.- Specified by:
enhance
in interfaceorg.springframework.security.oauth2.provider.token.TokenEnhancer
-
getIssuer
-
getAudiences
-
getMaxSessionDurationMinutes
-