Class RegisteredClaimsAccessTokenEnhancer
java.lang.Object
com.broadleafcommerce.auth.user.session.token.enhancer.RegisteredClaimsAccessTokenEnhancer
- All Implemented Interfaces:
JwtAccessTokenEnhancer
,org.springframework.core.Ordered
Token enhancer that adds several
registered JWT claims, such as
issuer and audience, as well as a non-standard "max" claim that determines the maximum lifetime
of a token.
The max claim differs from "exp" in that it determines the maximum lifetime of a session. The default is 720 minutes (12 hours), but this may be configured via the property broadleaf.auth.session.maxDurationMinutes
- Author:
- Samarth Dhruva (samarthd)
-
Field Summary
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
-
Constructor Summary
ConstructorDescriptionRegisteredClaimsAccessTokenEnhancer
(AuthorizationServerProperties securityProps, AuthorizedClientService<AuthorizedClient> authorizedClientService) RegisteredClaimsAccessTokenEnhancer
(AuthorizationServerProperties securityProps, AuthorizedClientService<AuthorizedClient> authorizedClientService, int maxSessionDurationMinutes) -
Method Summary
Modifier and TypeMethodDescriptionvoid
enhance
(JwtTokenEnhancerContext context) Places various claims into the additional information of the access token, including the issuer, audience, and max lifetime.protected AuthorizedClientService<AuthorizedClient>
protected Duration
protected AuthorizationServerProperties
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface com.broadleafcommerce.auth.user.session.token.enhancer.JwtAccessTokenEnhancer
getOrder
-
Constructor Details
-
RegisteredClaimsAccessTokenEnhancer
public RegisteredClaimsAccessTokenEnhancer(AuthorizationServerProperties securityProps, AuthorizedClientService<AuthorizedClient> authorizedClientService, int maxSessionDurationMinutes) -
RegisteredClaimsAccessTokenEnhancer
public RegisteredClaimsAccessTokenEnhancer(AuthorizationServerProperties securityProps, AuthorizedClientService<AuthorizedClient> authorizedClientService)
-
-
Method Details
-
enhance
Places various claims into the additional information of the access token, including the issuer, audience, and max lifetime.Do note that
"oauth2-resource"
is placed into the audience claim, as it is explicitly checked for its presence as aresourceId
when processing requests.- Specified by:
enhance
in interfaceJwtAccessTokenEnhancer
- Parameters:
context
- TheJwtTokenEnhancerContext
to evaluate.
-
determineAudiences
-
getSecurityProps
-
getAuthorizedClientService
-
getMaxSessionDurationMinutes
-