Package com.broadleafcommerce.auth.authorization.security.spring

Class OIDAwareOAuth2RefreshTokenAuthenticationProvider

java.lang.Object
com.broadleafcommerce.auth.authorization.security.spring.OIDAwareOAuth2RefreshTokenAuthenticationProvider
All Implemented Interfaces:
org.springframework.security.authentication.AuthenticationProvider
public final class OIDAwareOAuth2RefreshTokenAuthenticationProvider extends Object implements org.springframework.security.authentication.AuthenticationProvider
An AuthenticationProvider implementation for the OAuth 2.0 Refresh Token Grant. This is a customized version of the original Spring class (OAuth2RefreshTokenAuthenticationProvider). The difference here is that we maintain and OID value in metadata for all refresh tokens. The OID value represents the token value of the original refresh token issued in a token family. A token family represents all the iterations of refresh token rotation since the original refresh token was issued.
See Also:

  • Constructor Summary

    Constructors
    Constructor
    Description
    OIDAwareOAuth2RefreshTokenAuthenticationProvider(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<? extends org.springframework.security.oauth2.core.OAuth2Token> tokenGenerator, TokenProperties tokenProperties)
    Constructs an OAuth2RefreshTokenAuthenticationProvider using the provided parameters.

  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.security.core.Authentication
    authenticate(org.springframework.security.core.Authentication authentication)
     
    boolean
    supports(Class<?> authentication)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • OIDAwareOAuth2RefreshTokenAuthenticationProvider

      public OIDAwareOAuth2RefreshTokenAuthenticationProvider(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<? extends org.springframework.security.oauth2.core.OAuth2Token> tokenGenerator, TokenProperties tokenProperties)
      Constructs an OAuth2RefreshTokenAuthenticationProvider using the provided parameters.
      Parameters:
      authorizationService - the authorization service
      tokenGenerator - the token generator
      Since:
      0.2.3

  • Method Details

    • authenticate

      public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
      Specified by:
      authenticate in interface org.springframework.security.authentication.AuthenticationProvider
      Throws:
      org.springframework.security.core.AuthenticationException

    • supports

      public boolean supports(Class<?> authentication)
      Specified by:
      supports in interface org.springframework.security.authentication.AuthenticationProvider