Class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler

java.lang.Object
org.springframework.security.oauth2.client.RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler
All Implemented Interfaces:
ReactiveOAuth2AuthorizationSuccessHandler
public final class RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler extends Object implements ReactiveOAuth2AuthorizationSuccessHandler
A ReactiveOAuth2AuthorizationSuccessHandler that refreshes an OidcUser in the SecurityContext if the refreshed OidcIdToken is valid according to OpenID Connect Core 1.0 - Section 12.2 Successful Refresh Response
Since:
7.1
See Also:

  • Constructor Details

    • RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler

      public RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler()

  • Method Details

    • onAuthorizationSuccess

      public reactor.core.publisher.Mono<Void> onAuthorizationSuccess(OAuth2AuthorizedClient authorizedClient, org.springframework.security.core.Authentication principal, Map<String,Object> attributes)
      Description copied from interface: ReactiveOAuth2AuthorizationSuccessHandler
      Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the authorization server.
      Specified by:
      onAuthorizationSuccess in interface ReactiveOAuth2AuthorizationSuccessHandler
      Parameters:
      authorizedClient - the client that was successfully authorized
      principal - the Principal associated with the authorized client
      attributes - an immutable Map of extra optional attributes present under certain conditions. For example, this might contain a ServerWebExchange if the authorization was performed within the context of a ServerWebExchange.
      Returns:
      an empty Mono that completes after this handler has finished handling the event.

    • setServerSecurityContextRepository

      public void setServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository serverSecurityContextRepository)
      Sets a ServerSecurityContextRepository to use for refreshing a SecurityContext, defaults to WebSessionServerSecurityContextRepository.
      Parameters:
      serverSecurityContextRepository - the ServerSecurityContextRepository to use

    • setJwtDecoderFactory

      public void setJwtDecoderFactory(org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory<ClientRegistration> jwtDecoderFactory)
      Sets a ReactiveJwtDecoderFactory to use for decoding refreshed oidc id-token, defaults to ReactiveOidcIdTokenDecoderFactory.
      Parameters:
      jwtDecoderFactory - the ReactiveJwtDecoderFactory to use

    • setUserService

      public void setUserService(ReactiveOAuth2UserService<OidcUserRequest, org.springframework.security.oauth2.core.oidc.user.OidcUser> userService)
      Sets a ReactiveOAuth2UserService to use for loading an OidcUser from refreshed oidc id-token, defaults to OidcReactiveOAuth2UserService.
      Parameters:
      userService - the ReactiveOAuth2UserService to use

    • setAuthoritiesMapper

      public void setAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper authoritiesMapper)
      Sets a GrantedAuthoritiesMapper to use for mapping GrantedAuthoritys, defaults to no-op implementation.
      Parameters:
      authoritiesMapper - the GrantedAuthoritiesMapper to use

    • setClockSkew

      public void setClockSkew(Duration clockSkew)
      Sets the maximum acceptable clock skew, which is used when checking the AbstractOAuth2Token.getIssuedAt() to match the existing OidcUser.getIdToken()'s issuedAt time, defaults to 60 seconds.
      Parameters:
      clockSkew - the maximum acceptable clock skew to use