Come impostare expire_in in OAUTH 2.0?

Question

Sto usando OAuth 2.0 con molla per generazione di token e voglio impostare manualmente expire_in così il token può scadere secondo i miei criteri. Qualcuno mi aiuti?

Questa è la mia risposta:

{ 
    access_token: "c7a6cb95-1506-40e7-87d1-ddef0a239f64" 
    token_type: "bearer" 
    expires_in: 43199 
    scope: "read" 
} 

Answer 1

public interface OAuth2AccessToken { 

    public static String BEARER_TYPE = "Bearer"; 

    public static String OAUTH2_TYPE = "OAuth2"; 

    /** 
    * The access token issued by the authorization server. This value is REQUIRED. 
    */ 
    public static String ACCESS_TOKEN = "access_token"; 

    /** 
    * The type of the token issued as described in <a 
    * href="http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-7.1">Section 7.1</a>. Value is case insensitive. 
    * This value is REQUIRED. 
    */ 
    public static String TOKEN_TYPE = "token_type"; 

    /** 
    * The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will 
    * expire in one hour from the time the response was generated. This value is OPTIONAL. 
    */ 
    public static String EXPIRES_IN = "expires_in"; 

    /** 
    * The refresh token which can be used to obtain new access tokens using the same authorization grant as described 
    * in <a href="http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-6">Section 6</a>. This value is OPTIONAL. 
    */ 
    public static String REFRESH_TOKEN = "refresh_token"; 

    /** 
    * The scope of the access token as described by <a 
    * href="http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3">Section 3.3</a> 
    */ 
    public static String SCOPE = "scope"; 

    /** 
    * The additionalInformation map is used by the token serializers to export any fields used by extensions of OAuth. 
    * @return a map from the field name in the serialized token to the value to be exported. The default serializers 
    * make use of Jackson's automatic JSON mapping for Java objects (for the Token Endpoint flows) or implicitly call 
    * .toString() on the "value" object (for the implicit flow) as part of the serialization process. 
    */ 
    Map<String, Object> getAdditionalInformation(); 

    Set<String> getScope(); 

    OAuth2RefreshToken getRefreshToken(); 

    String getTokenType(); 

    boolean isExpired(); 

    Date getExpiration(); 

    int getExpiresIn(); 

    String getValue(); 

} 

Answer 2

configurare la configurazione OAuth cambiare il vostro Bean TokenServices e l'impostazione accessTokenValiditySeconds proprietà:

<bean id="tokenServices" 
    class="org.springframework.security.oauth2.provider.token.DefaultTokenServices"> 
    <property name="accessTokenValiditySeconds" value="1" /> 
    <property name="tokenStore" ref="tokenStore" /> 
    <property name="supportRefreshToken" value="true" /> 
    <property name="clientDetailsService" ref="clientDetails" /> 
</bean> 

Answer 3

• Creare una classe personalizzata di AuthorizationCodeAccessTokenProvider e scavalcare e genitore

  public method obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest request) 
  

• Nel metodo override della classe personalizzata, invoca la logica del programma della sua classe genitore:

  DefaultOAuth2AccessToken token = super.obtainAccessToken(details, request); 
  

• Questo restituirà un access token. Ora, devi solo per manipolare il valore scaduto di quella pedina direttamente, fornendo un timestamp del passato token.setExpiresIn(int timestamp)

Answer 4

Può essere impostato con un ClientBuilder ottenuto da un ClientDetailsServiceConfigurer.

@Configuration 
@EnableAuthorizationServer 
public class OAuth2Config extends AuthorizationServerConfigurerAdapter { 

    @Override 
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 
     clients.inMemory() 
      .withClient("client") 
      .secret("secret") 
      .authorizedGrantTypes("authorization_code", "refresh_token", "password") 
      .scopes("app") 
      .accessTokenValiditySeconds(30); 
    } 

    // ... additional configuration 
} 

o direttamente su DefaultTokenServices a seconda delle necessità.

@Configuration 
@EnableAuthorizationServer 
public class OAuth2Config extends AuthorizationServerConfigurerAdapter { 
    @Override 
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { 

     // optionally here you could just get endpoints.getConsumerTokenService() 
     // and cast to DefaultTokenServices and just set values needed 

     DefaultTokenServices tokenServices = new DefaultTokenServices(); 
     tokenServices.setTokenStore(endpoints.getTokenStore()); 
     tokenServices.setSupportRefreshToken(true); 
     tokenServices.setClientDetailsService(endpoints.getClientDetailsService()); 
     tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer()); 
     tokenServices.setAccessTokenValiditySeconds(60); 

     endpoints.tokenServices(tokenServices);    
    } 
} 

Answer 5

Se si utilizza graal provider di protezione OAuth2 è possibile modificare solo graal-app/conf/primavera/resources.groovy

import org.springframework.security.oauth2.provider.token.DefaultTokenServices 

// Place your Spring DSL code here  

beans = { 

    tokenServices(DefaultTokenServices){ 
    accessTokenValiditySeconds = 600; 
    tokenStore = ref('tokenStore') 
    supportRefreshToken = true; 
    clientDetailsService = ref('clientDetailsService') 
    } 

} 

Answer 6

È anche possibile configurare il DefaultTokenServices nel application.yaml file.

security: 
    oauth2: 
    client: 
     clientId: client-id 
     clientSecret: client-secret 
     authorized-grant-types: authorization_code,refresh_token,password 
     scope: openid 
     access-token-validity-seconds: 30