Package org.springframework.security.oauth2.client.web

Class DefaultReactiveOAuth2AuthorizedClientManager

java.lang.Object

org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager

All Implemented Interfaces:

ReactiveOAuth2AuthorizedClientManager

public final class DefaultReactiveOAuth2AuthorizedClientManager
extends Object
implements ReactiveOAuth2AuthorizedClientManager

The default implementation of a ReactiveOAuth2AuthorizedClientManager for use within the context of a ServerWebExchange.

(When operating outside of the context of a ServerWebExchange, use AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager instead.)

This is a reactive equivalent of DefaultOAuth2AuthorizedClientManager.

Authorized Client Persistence

This client manager utilizes a ServerOAuth2AuthorizedClientRepository to persist OAuth2AuthorizedClients.

By default, when an authorization attempt succeeds, the OAuth2AuthorizedClient will be saved in the authorized client repository. This functionality can be changed by configuring a custom ReactiveOAuth2AuthorizationSuccessHandler via setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler).

By default, when an authorization attempt fails due to an "invalid_grant" error, the previously saved OAuth2AuthorizedClient will be removed from the authorized client repository. (The "invalid_grant" error generally occurs when a refresh token that is no longer valid is used to retrieve a new access token.) This functionality can be changed by configuring a custom ReactiveOAuth2AuthorizationFailureHandler via setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler).

Since:

5.2

See Also:

• ReactiveOAuth2AuthorizedClientManager
• ReactiveOAuth2AuthorizedClientProvider
• ReactiveOAuth2AuthorizationSuccessHandler
• ReactiveOAuth2AuthorizationFailureHandler

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper	The default implementation of the contextAttributesMapper.

Constructor Summary

Constructors

Constructor	Description
DefaultReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository clientRegistrationRepository, ServerOAuth2AuthorizedClientRepository authorizedClientRepository)	Constructs a DefaultReactiveOAuth2AuthorizedClientManager using the provided parameters.

Method Summary

Modifier and Type	Method	Description
reactor.core.publisher.Mono<OAuth2AuthorizedClient>	authorize(OAuth2AuthorizeRequest authorizeRequest)	Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId.
void	setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler)	Sets the handler that handles authorization failures.
void	setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler)	Sets the handler that handles successful authorizations.
void	setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider)	Sets the ReactiveOAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.
void	setContextAttributesMapper(Function<OAuth2AuthorizeRequest,reactor.core.publisher.Mono<Map<String,Object>>> contextAttributesMapper)	Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DefaultReactiveOAuth2AuthorizedClientManager

public DefaultReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository clientRegistrationRepository,
 ServerOAuth2AuthorizedClientRepository authorizedClientRepository)

Constructs a DefaultReactiveOAuth2AuthorizedClientManager using the provided parameters.

Parameters:

clientRegistrationRepository - the repository of client registrations

authorizedClientRepository - the repository of authorized clients

Method Details

authorize

public reactor.core.publisher.Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizeRequest authorizeRequest)

Description copied from interface: ReactiveOAuth2AuthorizedClientManager

Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId. Implementations must return an empty Mono if authorization is not supported for the specified client, e.g. the associated ReactiveOAuth2AuthorizedClientProvider(s) does not support the authorization grant type configured for the client.

In the case of re-authorization, implementations must return the provided authorized client if re-authorization is not supported for the client OR is not required, e.g. a refresh token is not available OR the access token is not expired.

Specified by:

authorize in interface ReactiveOAuth2AuthorizedClientManager

Parameters:

authorizeRequest - the authorize request

Returns:

the OAuth2AuthorizedClient or an empty Mono if authorization is not supported for the specified client

setAuthorizedClientProvider

public void setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider)

Sets the ReactiveOAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.

Parameters:

authorizedClientProvider - the ReactiveOAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client

setContextAttributesMapper

public void setContextAttributesMapper(Function<OAuth2AuthorizeRequest,reactor.core.publisher.Mono<Map<String,Object>>> contextAttributesMapper)

Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.

Parameters:

contextAttributesMapper - the Function used for supplying the Map of attributes to the authorization context

setAuthorizationSuccessHandler

public void setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler)

Sets the handler that handles successful authorizations. The default saves OAuth2AuthorizedClients in the ServerOAuth2AuthorizedClientRepository.

Parameters:

authorizationSuccessHandler - the handler that handles successful authorizations.

Since:

5.3

setAuthorizationFailureHandler

public void setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler)

Sets the handler that handles authorization failures.

A RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler is used by default.

Parameters:

authorizationFailureHandler - the handler that handles authorization failures.

Since:

5.3

See Also:

• RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler