[英]Spring OAuth2 refresh token to change after refreshing access token
I created an authentication server and resource server, both are working ok, the only problem is with refresh token, I would like it to change after calling POST /oauth/token
with grant_type=refresh_token
, however, spring returns same refresh token. 我创建了一个身份验证服务器和资源服务器,两者都运行正常,唯一的问题是刷新令牌,我希望在使用
grant_type=refresh_token
调用POST /oauth/token
后更改,但是,spring返回相同的刷新令牌。
I am wondering if there is a way to get a new refresh token when calling oauth endpoint to refresh access token? 我想知道在调用oauth端点刷新访问令牌时是否有办法获得新的刷新令牌?
By taking a look at refreshAccessToken
method in the DefaultTokenServices
class: 通过查看
DefaultTokenServices
类中的refreshAccessToken
方法:
public OAuth2AccessToken refreshAccessToken(String refreshTokenValue,
TokenRequest tokenRequest) {
// Omitted
if (!reuseRefreshToken) {
tokenStore.removeRefreshToken(refreshToken);
refreshToken = createRefreshToken(authentication);
}
// Omitted
}
You should somehow set the reuseRefreshToken
flag to false
. 您应该以某种方式将
reuseRefreshToken
标志设置为false
。 You can do that in your AuthorizationServerConfigurerAdapter
implementation: 您可以在
AuthorizationServerConfigurerAdapter
实现中执行此操作:
@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
// Other methods
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.reuseRefreshTokens(false);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.