OAuth2 different token expiration time per client
I'm using spring-security-oauth2 to implement my OAuth2 Authorization server. spring-security-oauth2 is going away and I understand I need to replace it with spring-authorization-server.
Questions:
Is it possible to set a different token expiration time for different clients (here a client means a client-id/client-secret pair)?
If yes, could you share documentation/sample code around spring-authorization-server?
If no, is it a limitation of spring-authorization-server, or does the OAuth2 spec not allow it?
(To clarify, I'm not saying it is possible in spring-security-oauth2; if it is, I'd like to know that too.)
Yes, you can set different expiration times per client. You would use the tokenSettings of each RegisteredClient, as in the following example:
import java.time.Duration;
import java.util.UUID;

import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
// In spring-authorization-server 1.x these live in the "settings" package;
// older 0.x releases used "...authorization.config" instead.
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;

RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
        .clientId("messaging-client")
        .clientSecret("{noop}secret") // {noop} is for samples only; use an encoded secret in production
        .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
        .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
        .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
        .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
        .redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
        .redirectUri("http://127.0.0.1:8080/authorized")
        .scope(OidcScopes.OPENID)
        .scope("message.read")
        .scope("message.write")
        // Token lifetimes are configured per RegisteredClient, not globally
        .tokenSettings(TokenSettings.builder()
                .accessTokenTimeToLive(Duration.ofMinutes(5))
                .refreshTokenTimeToLive(Duration.ofHours(2))
                .build())
        .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
        .build();
For full context, see the sample config.
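As an added example (not from the answer or the Spring sample), the same mechanism applied to two hypothetical clients registered in one repository, so a machine-to-machine client gets short-lived access tokens while an interactive client gets longer access tokens plus rotating refresh tokens. The client ids, scopes, redirect URI and placeholder secret hashes are made up, and the `settings` package path assumes spring-authorization-server 1.x:

```java
import java.time.Duration;
import java.util.UUID;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;

@Configuration
public class ClientRegistrationConfig {
    // Hypothetical clients: a backend batch job using client_credentials with very
    // short access tokens, and a web app with longer access tokens plus refresh tokens.
    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient batchJob = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("batch-job")
                // placeholder bcrypt hash; store encoded secrets, never {noop}, outside samples
                .clientSecret("{bcrypt}$2a$10$PLACEHOLDER-HASH-REPLACE-ME")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .scope("report.read")
                .tokenSettings(TokenSettings.builder()
                        .accessTokenTimeToLive(Duration.ofMinutes(2))
                        .build())
                .build();

        RegisteredClient webApp = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("web-app")
                .clientSecret("{bcrypt}$2a$10$PLACEHOLDER-HASH-REPLACE-ME")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .redirectUri("https://app.example.com/login/oauth2/code/web-app")
                .scope("report.read")
                .tokenSettings(TokenSettings.builder()
                        .accessTokenTimeToLive(Duration.ofMinutes(15))
                        .refreshTokenTimeToLive(Duration.ofHours(8))
                        .reuseRefreshTokens(false) // issue a new refresh token on each use
                        .build())
                .build();

        // The server resolves the RegisteredClient on every token request, so each
        // client is issued tokens with its own lifetimes from these settings.
        return new InMemoryRegisteredClientRepository(batchJob, webApp);
    }
}
```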