Class AdvancedOAuth2RefreshTokenUtils
java.lang.Object
com.broadleafcommerce.auth.authorization.security.AdvancedOAuth2RefreshTokenUtils
Perform token re-use detection. Detect whether a token has been used previously. If so, confirm that the TokenProperties.getRefreshTokenRotationInterval() is not violated. Moreover, if invalid re-use is detected, invalidate any active, associated authorizations as a safety measure.
Field Summary
Method Summary
Modifier and Type: static org.springframework.security.oauth2.server.authorization.OAuth2Authorization
Method: validateReuse(String refreshToken, org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, TokenProperties tokenProperties)
Description: Validate token re-use for a given refresh token
Field Details
PREVIOUS_REFRESH_TOKEN_METADATA_KEY
Method Details
validateReuse
@Nullable public static org.springframework.security.oauth2.server.authorization.OAuth2Authorization validateReuse(String refreshToken, org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, TokenProperties tokenProperties)
Validate token re-use for a given refresh token
Parameters:
refreshToken - The refresh token that has already been used prior
authorizationService - The service for retrieving active authorizations
tokenProperties - Properties governing rotation interval settings
Returns:
An active authorization to use for refresh, or null if invalid
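The re-use check described for validateReuse, modeled as a self-contained added example (not Broadleaf's code). The class and method names are hypothetical, and it assumes the rotation interval is a grace window after a rotation during which the previous token is still accepted.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

// Added illustration with hypothetical names; not Broadleaf's implementation.
public class RefreshReuseDemo {
    static final class Authorization { // simplified stand-in for an OAuth2Authorization
        String currentToken, previousToken; // previousToken: replaced by the last rotation
        Instant rotatedAt;
        boolean active = true;
    }

    private final Map<String, Authorization> byToken = new HashMap<>();
    private final Duration rotationInterval; // assumption: grace window after a rotation

    RefreshReuseDemo(Duration rotationInterval) { this.rotationInterval = rotationInterval; }

    // Issues the first token (no previous token yet) or rotates to a new one.
    Authorization rotate(Authorization auth, String newToken, Instant now) {
        auth.previousToken = auth.currentToken;
        auth.currentToken = newToken;
        auth.rotatedAt = now;
        byToken.put(newToken, auth); // older tokens stay indexed so re-use is detectable
        return auth;
    }

    // Returns the authorization to refresh with, or null when the re-use is invalid.
    Authorization validateReuse(String usedToken, Instant now) {
        Authorization auth = byToken.get(usedToken);
        if (auth == null || !auth.active) return null;
        if (usedToken.equals(auth.currentToken)) return auth; // current token, not a re-use
        boolean inWindow = usedToken.equals(auth.previousToken)
                && !now.isAfter(auth.rotatedAt.plus(rotationInterval));
        if (inWindow) return auth; // e.g. a concurrent request racing the rotation
        auth.active = false;       // invalid re-use: revoke the associated authorization
        return null;
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample values
        RefreshReuseDemo demo = new RefreshReuseDemo(Duration.ofSeconds(10));
        Authorization auth = demo.rotate(new Authorization(), "rt-1", t0);
        demo.rotate(auth, "rt-2", t0);
        System.out.println(demo.validateReuse("rt-1", t0.plusSeconds(3)) != null);
        System.out.println(demo.validateReuse("rt-1", t0.plusSeconds(60)) != null);
        System.out.println(auth.active);
    }
}
```

Once the second call revokes the authorization, the current token "rt-2" is rejected as well, which is the safety measure the class description refers to.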