Bug: accessTokenValiditySeconds is not set for inMemory client

[1011178l]

version: 2.2.1.RELEASE

Description:

In AuthorizationServerConfig, I overrided the configure(ClientDetailsServiceConfigurer clients) method.

then I use a clients.inMemory() and set the accessTokenVliditySeconds.

Later I find the token I got is still the default value.

I did a bit of deep research, and I find:

in the class DefaultTokenServices, method getAccessTokenValiditySeconds, because this.clientDetailsService is null, so the the custom time will not be used.

Not sure if this is a bug or I misused something.

Cheers,
Lang

for a workaround: https://stackoverflow.com/questions/47292961/spring-security-oauth2-not-using-token-expire-values-from-properties/51784859#51784859

[1011178l]

I am using jdk8, spring boot 2.0.3 Release.

And I found inside AuthorizationServerEndpointsConfiguration, there is a exception fot the autowired ClientDetailsService:

Method threw 'org.springframework.beans.factory.BeanCreationException' exception. Cannot evaluate com.sun.proxy.$Proxy135.toString()

Hope this info may help

[strangerism]

Hello,

I am using springboot 2.1.1.RELEASE and jdk8 and setting accessTokenValiditySeconds through ClientDetailsServiceConfigurer does not work.

I have use instead the DefaultTokenServices

    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        defaultTokenServices.setTokenEnhancer(accessTokenConverter());
        defaultTokenServices.setAccessTokenValiditySeconds(60);
        return defaultTokenServices;
    }

[amohoste]

I encountered the same issue and fixed it by specifying the ClientsDetailsService in the DefaultTokenService:

    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        defaultTokenServices.setTokenEnhancer(accessTokenConverter());
        defaultTokenServices.setClientDetailsService(clientDetailsService);
        return defaultTokenServices;
    }

[johnloven]

Any news on this?