Package com.broadleafcommerce.auth.user.session.token.enhancer

Class RegisteredClaimsAccessTokenEnhancer

java.lang.Object

com.broadleafcommerce.auth.user.session.token.enhancer.RegisteredClaimsAccessTokenEnhancer

All Implemented Interfaces:

JwtAccessTokenEnhancer, org.springframework.core.Ordered

public class RegisteredClaimsAccessTokenEnhancer
extends Object
implements JwtAccessTokenEnhancer

Token enhancer that adds several registered JWT claims, such as issuer and audience, as well as a non-standard "max" claim that determines the maximum lifetime of a token.

The max claim differs from "exp" in that it determines the maximum lifetime of a session. The default is 720 minutes (12 hours), but this may be configured via the property broadleaf.auth.session.maxDurationMinutes

Author:

Samarth Dhruva (samarthd)

Field Summary

Fields inherited from interface org.springframework.core.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor	Description
RegisteredClaimsAccessTokenEnhancer(AuthorizationServerProperties securityProps, AuthorizedClientService<AuthorizedClient> authorizedClientService)
RegisteredClaimsAccessTokenEnhancer(AuthorizationServerProperties securityProps, AuthorizedClientService<AuthorizedClient> authorizedClientService, int maxSessionDurationMinutes)

Method Summary

Modifier and Type	Method	Description
protected List<String>	determineAudiences(JwtTokenEnhancerContext context)
void	enhance(JwtTokenEnhancerContext context)	Places various claims into the additional information of the access token, including the issuer, audience, and max lifetime.
protected AuthorizedClientService<AuthorizedClient>	getAuthorizedClientService()
protected Duration	getMaxSessionDurationMinutes()
protected AuthorizationServerProperties	getSecurityProps()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.broadleafcommerce.auth.user.session.token.enhancer.JwtAccessTokenEnhancer

getOrder

Constructor Details

RegisteredClaimsAccessTokenEnhancer

public RegisteredClaimsAccessTokenEnhancer(AuthorizationServerProperties securityProps,
 AuthorizedClientService<AuthorizedClient> authorizedClientService,
 int maxSessionDurationMinutes)

RegisteredClaimsAccessTokenEnhancer

public RegisteredClaimsAccessTokenEnhancer(AuthorizationServerProperties securityProps,
 AuthorizedClientService<AuthorizedClient> authorizedClientService)

Method Details

enhance

public void enhance(JwtTokenEnhancerContext context)

Places various claims into the additional information of the access token, including the issuer, audience, and max lifetime.

Do note that "oauth2-resource" is placed into the audience claim, as it is explicitly checked for its presence as a resourceId when processing requests.

Specified by:

enhance in interface JwtAccessTokenEnhancer

Parameters:

context - The JwtTokenEnhancerContext to evaluate.

determineAudiences

protected List<String> determineAudiences(JwtTokenEnhancerContext context)

getSecurityProps

protected AuthorizationServerProperties getSecurityProps()

getAuthorizedClientService

protected AuthorizedClientService<AuthorizedClient> getAuthorizedClientService()

getMaxSessionDurationMinutes

protected Duration getMaxSessionDurationMinutes()