Spring OAUTH2 - Access token expiry time

spring spring-security-oauth2
14,599

Solution 1

To update the expiry time of an access token globally you should have to create instance of the DefaultTokenServices & inject into the AuthorizationServerEndpointsConfigurer like this :

public AuthorizationServerTokenServices customTokenServices(){
  TokenServices tokenServices = new DefaultTokenServices();
  tokenServices.setReuseAccessToken(reuseAccessToken);
  tokenServices.setTokenStore(tokenStore());
  tokenServices.setSupportRefreshToken(true);
  tokenServices.setAccessTokenValiditySeconds(<seconds>);
  tokenServices.setClientDetailsService(clientDetailsService);
  return tokenServices;
}

& put this tokenServices in AuthorizationServerEndpointsConfigurer like this.

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
  endpoints.tokenServices(customTokenServices()).
}

Solution 2

You can set the expiry time of an access token during client configuration. Changing values here will be updated in the jdbc token store.

public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource)                        
                .withClient("my-client-with-password")
                .authorizedGrantTypes("password")
                .authorities("ROLE_CLIENT") 
                .scopes("read")
                .resourceIds("oauth2-resource")
                .accessTokenValiditySeconds(30);

For this you have to delete the the existing client details from the database. Next time a token call is made, these client details will be added into the database, along with your updated validity time.

Share:
14,599

Related videos on Youtube

Sri
Author by

Sri

Updated on June 04, 2022

Comments

  • Sri
    Sri almost 2 years

    Is it possible to update/reset the expiry time of an access token programatically? If yes, which class/filter would be the best place to do it so that expiry time can be updated in JDBC token store.

  • zkvarz
    zkvarz almost 6 years
    In the class that extends 'AuthorizationServerConfigurerAdapter' I've used lines above. But 'TokenServices' didn't exist so I've used 'DefaultTokenServices' and I think it worked.
  • russellhoff
    russellhoff over 5 years
    Thanks! It's really important to set ClientDetailsService in case you don't use in memory clients.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Spring security OAuth2 accept JSON
How does Spring Oauth2 login redirect work?
Spring @FeignClient with OAuth2FeignRequestInterceptor not working
Spring Security Oauth2: Flow to Handling Expired AccessToken
Extract Currently Logged in User information from JWT token using Spring Security
Error creating bean with name 'scopedTarget.oauth2ClientContext' despite defining RequestContextListener
OAUTH2 spring Error creating bean with name 'springSecurityFilterChain'
Spring OAuth Authorization Server Requires Scope
Spring Boot OAuth2 - Could not obtain user details from token
How to overwrite Spring Cloud OAuth2 client autoconfiguration?