问题
Is it possible to update/reset the expiry time of an access token programatically? If yes, which class/filter would be the best place to do it so that expiry time can be updated in JDBC token store.
回答1:
To update the expiry time of an access token globally you should have to create instance of the DefaultTokenServices & inject into the AuthorizationServerEndpointsConfigurer like this :
public AuthorizationServerTokenServices customTokenServices(){
TokenServices tokenServices = new DefaultTokenServices();
tokenServices.setReuseAccessToken(reuseAccessToken);
tokenServices.setTokenStore(tokenStore());
tokenServices.setSupportRefreshToken(true);
tokenServices.setAccessTokenValiditySeconds(<seconds>);
tokenServices.setClientDetailsService(clientDetailsService);
return tokenServices;
}
& put this tokenServices in AuthorizationServerEndpointsConfigurer like this.
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenServices(customTokenServices()).
}
回答2:
You can set the expiry time of an access token during client configuration. Changing values here will be updated in the jdbc token store.
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.jdbc(dataSource)
.withClient("my-client-with-password")
.authorizedGrantTypes("password")
.authorities("ROLE_CLIENT")
.scopes("read")
.resourceIds("oauth2-resource")
.accessTokenValiditySeconds(30);
For this you have to delete the the existing client details from the database. Next time a token call is made, these client details will be added into the database, along with your updated validity time.
来源:https://stackoverflow.com/questions/32994788/spring-oauth2-access-token-expiry-time