Class PublicRefreshCodeVerifierAuthenticator

java.lang.Object
com.broadleafcommerce.auth.authorization.security.spring.PublicRefreshCodeVerifierAuthenticator

public class PublicRefreshCodeVerifierAuthenticator extends Object
An authenticator used for OAuth 2.0 Client Authentication, which authenticates the PkceParameterNames#CODE_VERIFIER code_verifier parameter. This is a customized version of the original Spring class (CodeVerifierAuthenticator). The difference here is that we allow public clients to also authenticate with a valid refresh token and redirect uri for refresh_token grant flows.
See Also:
  • Constructor Summary

    Constructors
    Constructor
    Description
    PublicRefreshCodeVerifierAuthenticator(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, TokenProperties tokenProperties)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    authenticateIfAvailable(org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken clientAuthentication, org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)
     
    void
    authenticateRequired(org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken clientAuthentication, org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • PublicRefreshCodeVerifierAuthenticator

      public PublicRefreshCodeVerifierAuthenticator(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, TokenProperties tokenProperties)
  • Method Details

    • authenticateRequired

      public void authenticateRequired(org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken clientAuthentication, org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)
    • authenticateIfAvailable

      public void authenticateIfAvailable(org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken clientAuthentication, org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)