Spring OAuth2 refresh token to change after refreshing access token

I created an authentication server and a resource server, and both are working OK. The only problem is with the refresh token: I would like it to change after calling POST /oauth/token with grant_type=refresh_token; however, Spring returns the same refresh token.

I am wondering if there is a way to get a new refresh token when calling the OAuth endpoint to refresh the access token?

By taking a look at the refreshAccessToken method in the DefaultTokenServices class:

public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, 
                                            TokenRequest tokenRequest) {

    // Omitted
    if (!reuseRefreshToken) {
        tokenStore.removeRefreshToken(refreshToken);
        refreshToken = createRefreshToken(authentication);
    }
    // Omitted
}

You should somehow set the reuseRefreshToken flag to false. You can do that in your AuthorizationServerConfigurerAdapter implementation:

@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
    // Other methods

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .reuseRefreshTokens(false);
    }
}
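
The effect of the flag on a previously issued refresh token, shown as an added example that is not part of the original answer and is not Spring's code. It is a simplified in-memory model of the reuseRefreshToken branch quoted above; the class and method names (RefreshRotationDemo, TokenService, replayAccepted) and the sample user are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Simplified in-memory model of the reuseRefreshToken branch quoted above.
// All names here are hypothetical; this is not Spring's implementation.
public class RefreshRotationDemo {
    static class TokenService {
        private final Map<String, String> refreshTokens = new HashMap<>(); // token -> user
        private final boolean reuseRefreshToken;

        TokenService(boolean reuseRefreshToken) {
            this.reuseRefreshToken = reuseRefreshToken;
        }

        String issueRefreshToken(String user) {
            String token = UUID.randomUUID().toString();
            refreshTokens.put(token, user);
            return token;
        }

        // Returns the refresh token the client should use from now on.
        String refresh(String presented) {
            String user = refreshTokens.get(presented);
            if (user == null) {
                throw new IllegalArgumentException("invalid_grant: unknown refresh token");
            }
            if (!reuseRefreshToken) {
                refreshTokens.remove(presented);   // old value stops working
                return issueRefreshToken(user);    // client receives a new value
            }
            return presented;                      // same value stays valid
        }
    }

    // True if a refresh token is still accepted after it was already used once.
    static boolean replayAccepted(boolean reuse) {
        TokenService service = new TokenService(reuse);
        String first = service.issueRefreshToken("alice"); // constructed sample user
        service.refresh(first);                            // first, legitimate refresh
        try {
            service.refresh(first);                        // same value presented again
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println("reuse=true,  old token accepted again: " + replayAccepted(true));
        System.out.println("reuse=false, old token accepted again: " + replayAccepted(false));
    }
}
```

With rotation enabled, a client must store the refresh token returned by each refresh call, because the one it just presented is removed from the store.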
