Spring OAUTH2 - Access token expiry time
Solution 1
To update the expiry time of an access token globally, you have to create an instance of DefaultTokenServices and inject it into the AuthorizationServerEndpointsConfigurer, like this:
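    public AuthorizationServerTokenServices customTokenServices() {
        // DefaultTokenServices is the concrete class; there is no TokenServices type.
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setReuseAccessToken(reuseAccessToken);
        tokenServices.setTokenStore(tokenStore());
        tokenServices.setSupportRefreshToken(true);
        // <seconds> is a placeholder for the global access token lifetime.
        tokenServices.setAccessTokenValiditySeconds(<seconds>);
        // Needed so per-client validity values are looked up for non in-memory clients.
        tokenServices.setClientDetailsService(clientDetailsService);
        return tokenServices;
    }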
and put this tokenServices in the AuthorizationServerEndpointsConfigurer like this:
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenServices(customTokenServices());
    }
Solution 2
You can set the expiry time of an access token during client configuration. Values changed here will be updated in the JDBC token store.
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource)
            .withClient("my-client-with-password")
            .authorizedGrantTypes("password")
            .authorities("ROLE_CLIENT")
            .scopes("read")
            .resourceIds("oauth2-resource")
            // Per-client access token lifetime, in seconds.
            .accessTokenValiditySeconds(30);
    }
For this you have to delete the existing client details from the database. Next time a token call is made, these client details will be added into the database, along with your updated validity time.
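Added example, not part of the original answers or of Spring's own code: the per-client lifetime from Solution 2 can also be changed in place, without deleting the client row, and bounded so a bad value cannot produce long-lived or non-expiring tokens. It assumes the default oauth_client_details schema of the JDBC client store; the class name, method name and the one-hour ceiling are hypothetical.

```java
import javax.sql.DataSource;
import org.springframework.jdbc.core.JdbcTemplate;

// Added example; class and method names are hypothetical.
public class ClientTokenLifetimeUpdater {

    // Assumed policy ceiling (not a Spring default): nothing longer than one hour.
    static final int MAX_VALIDITY_SECONDS = 3600;

    // Assumes the default spring-security-oauth2 JDBC schema.
    private static final String UPDATE_SQL =
        "update oauth_client_details set access_token_validity = ? where client_id = ?";

    private final JdbcTemplate jdbc;

    public ClientTokenLifetimeUpdater(DataSource dataSource) {
        this.jdbc = new JdbcTemplate(dataSource);
    }

    public void setAccessTokenValidity(String clientId, int seconds) {
        // DefaultTokenServices issues a token with no expiry when the validity
        // is zero or negative, so reject those as well as values above the ceiling.
        if (seconds <= 0 || seconds > MAX_VALIDITY_SECONDS) {
            throw new IllegalArgumentException(
                "validity must be between 1 and " + MAX_VALIDITY_SECONDS + " seconds");
        }
        // Bound parameters; only this one column changes, so the stored
        // secret, scopes and grant types are left untouched.
        int rows = jdbc.update(UPDATE_SQL, seconds, clientId);
        if (rows != 1) {
            throw new IllegalStateException("no client row updated for client_id " + clientId);
        }
    }
}
```

Tokens that were already issued keep the expiry they were created with; the new value applies to tokens issued after the update.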
Sri
Updated on June 04, 2022
Comments
-
Sri almost 2 years
Is it possible to update/reset the expiry time of an access token programmatically? If yes, which class/filter would be the best place to do it so that expiry time can be updated in JDBC token store.
-
zkvarz almost 6 years
In the class that extends 'AuthorizationServerConfigurerAdapter' I've used lines above. But 'TokenServices' didn't exist so I've used 'DefaultTokenServices' and I think it worked.
-
russellhoff over 5 years
Thanks! It's really important to set ClientDetailsService in case you don't use in memory clients.