Spring-security: Provide support for refresh_token grant
We need to provide WebClient support for refreshing an expired access token.
Spec references:
OAuth 2.0 - Refreshing an Access Token
OpenID Connect 1.0 - Using Refresh Tokens
Related #4921
jgrandja
All 4 comments
Related #4509
jgrandja
on 12 Dec 2017
@jgrandja is any of the refresh token repository available in a snapshot form at the moment?
gregsimons
on 10 May 2018
@gregsimons No not at the moment. The HTTP Client integration (e.g. #4921) needs to be implemented first before we tackle this one. We're still planning on getting this in for 5.1 release.
jgrandja
on 10 May 2018
Fixed via 0116c65
Users can now use the following:
WebClient webClient = WebClient.builder()
.filter(new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientService))
.build();
// ....
Mono<String> response = webClient.get()
.uri(uri)
.attributes(oauth2AuthorizedClient(authorizedClient))
// ...
.retrieve()
.bodyToMono(String.class);
If the access token is about to expire and it has a corresponding refresh token, then it will automatically be refreshed and saved. After the refresh is complete, the original request will be made with the updated access token.
rwinch
on 2 Jul 2018
Related issues
aotrzonsek
路
3Comments
spring-issuemaster
路
4Comments
xingfudeshi
路
3Comments
ankurpathak
路
4Comments
mageddo
路
4Comments
Most helpful comment
Fixed via 0116c65
Users can now use the following:
If the access token is about to expire and it has a corresponding refresh token, then it will automatically be refreshed and saved. After the refresh is complete, the original request will be made with the updated access token.