Package org.springframework.security.oauth2.server.authorization.authentication

Class OAuth2AuthorizationCodeRequestAuthenticationProvider

java.lang.Object

org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationProvider

All Implemented Interfaces:

AuthenticationProvider

public final class OAuth2AuthorizationCodeRequestAuthenticationProvider
extends Object
implements AuthenticationProvider

An AuthenticationProvider implementation for the OAuth 2.0 Authorization Request used in the Authorization Code Grant.

Since:

7.0

See Also:

• OAuth2AuthorizationCodeRequestAuthenticationToken
• OAuth2AuthorizationCodeRequestAuthenticationValidator
• OAuth2AuthorizationCodeAuthenticationProvider
• OAuth2AuthorizationConsentAuthenticationProvider
• RegisteredClientRepository
• OAuth2AuthorizationService
• OAuth2AuthorizationConsentService
• Section 4.1.1 Authorization Request
• Section 3.1.2.1 Authentication Request

Constructor Summary

Constructors

Constructor	Description
OAuth2AuthorizationCodeRequestAuthenticationProvider(RegisteredClientRepository registeredClientRepository, OAuth2AuthorizationService authorizationService, OAuth2AuthorizationConsentService authorizationConsentService)	Constructs an OAuth2AuthorizationCodeRequestAuthenticationProvider using the provided parameters.

Method Summary

Modifier and Type	Method	Description
Authentication	authenticate(Authentication authentication)	Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication) .
void	setAuthenticationValidator(Consumer<OAuth2AuthorizationCodeRequestAuthenticationContext> authenticationValidator)	Sets the Consumer providing access to the OAuth2AuthorizationCodeRequestAuthenticationContext and is responsible for validating specific OAuth 2.0 Authorization Request parameters associated in the OAuth2AuthorizationCodeRequestAuthenticationToken.
void	setAuthorizationCodeGenerator(OAuth2TokenGenerator<OAuth2AuthorizationCode> authorizationCodeGenerator)	Sets the OAuth2TokenGenerator that generates the OAuth2AuthorizationCode.
void	setAuthorizationConsentRequired(Predicate<OAuth2AuthorizationCodeRequestAuthenticationContext> authorizationConsentRequired)	Sets the Predicate used to determine if authorization consent is required.
boolean	supports(Class<?> authentication)	Returns true if this AuthenticationProvider supports the indicated Authentication object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OAuth2AuthorizationCodeRequestAuthenticationProvider

public OAuth2AuthorizationCodeRequestAuthenticationProvider(RegisteredClientRepository registeredClientRepository,
 OAuth2AuthorizationService authorizationService,
 OAuth2AuthorizationConsentService authorizationConsentService)

Constructs an OAuth2AuthorizationCodeRequestAuthenticationProvider using the provided parameters.

Parameters:

registeredClientRepository - the repository of registered clients

authorizationService - the authorization service

authorizationConsentService - the authorization consent service

Method Details

authenticate

public Authentication authenticate(Authentication authentication)
                            throws AuthenticationException

Description copied from interface: AuthenticationProvider

Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication) .

Specified by:

authenticate in interface AuthenticationProvider

Parameters:

authentication - the authentication request object.

Returns:

a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.

Throws:

AuthenticationException - if authentication fails.

supports

public boolean supports(Class<?> authentication)

Description copied from interface: AuthenticationProvider

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented Authentication object. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Specified by:

supports in interface AuthenticationProvider

Returns:

true if the implementation can more closely evaluate the Authentication class presented

setAuthorizationCodeGenerator

public void setAuthorizationCodeGenerator(OAuth2TokenGenerator<OAuth2AuthorizationCode> authorizationCodeGenerator)

Sets the OAuth2TokenGenerator that generates the OAuth2AuthorizationCode.

Parameters:

authorizationCodeGenerator - the OAuth2TokenGenerator that generates the OAuth2AuthorizationCode

setAuthenticationValidator

public void setAuthenticationValidator(Consumer<OAuth2AuthorizationCodeRequestAuthenticationContext> authenticationValidator)

Sets the Consumer providing access to the OAuth2AuthorizationCodeRequestAuthenticationContext and is responsible for validating specific OAuth 2.0 Authorization Request parameters associated in the OAuth2AuthorizationCodeRequestAuthenticationToken. The default authentication validator is OAuth2AuthorizationCodeRequestAuthenticationValidator.

NOTE: The authentication validator MUST throw OAuth2AuthorizationCodeRequestAuthenticationException if validation fails.

Parameters:

authenticationValidator - the Consumer providing access to the OAuth2AuthorizationCodeRequestAuthenticationContext and is responsible for validating specific OAuth 2.0 Authorization Request parameters

setAuthorizationConsentRequired

public void setAuthorizationConsentRequired(Predicate<OAuth2AuthorizationCodeRequestAuthenticationContext> authorizationConsentRequired)

Sets the Predicate used to determine if authorization consent is required.

The OAuth2AuthorizationCodeRequestAuthenticationContext gives the predicate access to the OAuth2AuthorizationCodeRequestAuthenticationToken, as well as, the following context attributes:

• The RegisteredClient associated with the authorization request.
• The OAuth2AuthorizationRequest containing the authorization request parameters.
• The OAuth2AuthorizationConsent previously granted to the RegisteredClient, or null if not available.

Parameters:

authorizationConsentRequired - the Predicate used to determine if authorization consent is required