Class PasswordReactiveOAuth2AuthorizedClientProvider
java.lang.Object
org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
- All Implemented Interfaces:
ReactiveOAuth2AuthorizedClientProvider
@Deprecated
public final class PasswordReactiveOAuth2AuthorizedClientProvider
extends Object
implements ReactiveOAuth2AuthorizedClientProvider
Deprecated.
The latest OAuth 2.0 Security Best Current Practice disallows the use of
the Resource Owner Password Credentials grant. See reference OAuth
2.0 Security Best Current Practice.
An implementation of a
ReactiveOAuth2AuthorizedClientProvider
for the
password
grant.- Since:
- 5.2
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionreactor.core.publisher.Mono<OAuth2AuthorizedClient>
authorize
(OAuth2AuthorizationContext context) Deprecated.Attempt to authorize (or re-authorize) theclient
in the providedcontext
.void
setAccessTokenResponseClient
(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient) Deprecated.Sets the client used when requesting an access token credential at the Token Endpoint for thepassword
grant.void
Deprecated.Sets theClock
used inInstant.now(Clock)
when checking the access token expiry.void
setClockSkew
(Duration clockSkew) Deprecated.Sets the maximum acceptable clock skew, which is used when checking theaccess token
expiry.
-
Constructor Details
-
PasswordReactiveOAuth2AuthorizedClientProvider
public PasswordReactiveOAuth2AuthorizedClientProvider()Deprecated.
-
-
Method Details
-
authorize
public reactor.core.publisher.Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext context) Deprecated.Attempt to authorize (or re-authorize) theclient
in the providedcontext
. Returns an emptyMono
if authorization (or re-authorization) is not supported, e.g. the client'sauthorization grant type
is notpassword
OR theusername
and/orpassword
attributes are not available in the providedcontext
OR theaccess token
is not expired.The following
context attributes
are supported:OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME
(required) - aString
value for the resource owner's usernameOAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME
(required) - aString
value for the resource owner's password
- Specified by:
authorize
in interfaceReactiveOAuth2AuthorizedClientProvider
- Parameters:
context
- the context that holds authorization-specific state for the client- Returns:
- the
OAuth2AuthorizedClient
or an emptyMono
if authorization (or re-authorization) is not supported
-
setAccessTokenResponseClient
public void setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient) Deprecated.Sets the client used when requesting an access token credential at the Token Endpoint for thepassword
grant.- Parameters:
accessTokenResponseClient
- the client used when requesting an access token credential at the Token Endpoint for thepassword
grant
-
setClockSkew
Deprecated.Sets the maximum acceptable clock skew, which is used when checking theaccess token
expiry. The default is 60 seconds.An access token is considered expired if
OAuth2AccessToken#getExpiresAt() - clockSkew
is before the current timeclock#instant()
.- Parameters:
clockSkew
- the maximum acceptable clock skew
-
setClock
Deprecated.Sets theClock
used inInstant.now(Clock)
when checking the access token expiry.- Parameters:
clock
- the clock
-