can I include user information while issuing an access token?
I have seen in some oauth2 implementations additional information on the response returned by the authorization server when it issues access tokens. I\'m wondering if there
-
If you are using Spring's
JwtAccessTokenConverterorDefaultAccessTokenConverteryou can add your custom CustomTokenEnhancer (see first response) and apply it using a TokenEnhancerChain like this:@Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { TokenEnhancerChain enhancerChain = new TokenEnhancerChain(); enhancerChain.setTokenEnhancers(Arrays.asList(customTokenEnhancer(), accessTokenConverter())); endpoints.tokenStore(tokenStore()) .tokenEnhancer(enhancerChain) .authenticationManager(authenticationManager); } @Bean protected JwtAccessTokenConverter jwtTokenEnhancer() { JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); converter.setSigningKey("my_signing_key"); return converter; } @Bean public TokenEnhancer customTokenEnhancer() { return new CustomTokenEnhancer(); }Another solution is to create a custom TokenConverter that extends Spring's
JwtAccessTokenConverterand override the enhance() method with your custom claims.public class CustomTokenConverter extends JwtAccessTokenConverter { @Override public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { final MapAnd then:
@Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints.tokenStore(tokenStore()) .tokenEnhancer(customTokenEnhancer()) .authenticationManager(authenticationManager); } @Bean public CustomTokenConverter customTokenEnhancer() { return new CustomTokenConverter(); }
加载中...
- 热议问题