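By default, the OAuth 2.0 client credentials grant (client_credentials) does not support refresh tokens. Our business requirements now call for refresh token support.
In Spring OAuth 2.0, the client_credentials grant is implemented by the ClientCredentialsTokenGranter class.
This class has a member variable, allowRefresh, that controls whether a refresh token is returned; its default value is false. In the class's grant() method, if allowRefresh is false, the refresh token on the OAuth2AccessToken instance is set to null. So to make the client_credentials grant return a refresh token, you only need to call setAllowRefresh() to set allowRefresh to true.
The source of ClientCredentialsTokenGranter.java is as follows: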
    public class ClientCredentialsTokenGranter extends AbstractTokenGranter {

        private static final String GRANT_TYPE = "client_credentials";
        private boolean allowRefresh = false;

        // Constructors omitted from this excerpt

        // Can be changed through this setter
        public void setAllowRefresh(boolean allowRefresh) {
            this.allowRefresh = allowRefresh;
        }

        @Override
        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            OAuth2AccessToken token = super.grant(grantType, tokenRequest);
            if (token != null) {
                DefaultOAuth2AccessToken norefresh = new DefaultOAuth2AccessToken(token);
                // The spec says that client credentials should not be allowed to get a refresh token
                if (!allowRefresh) {
                    // Clear the refresh token value
                    norefresh.setRefreshToken(null);
                }
                token = norefresh;
            }
            return token;
        }
    }
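One way to apply setAllowRefresh(true) in an authorization server built on spring-security-oauth2, shown as an added example that is not part of the original post or the Spring source. The class name AuthServerConfig is hypothetical, and the example assumes the default token services and client details service are in use.

```java
import java.util.Arrays;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.CompositeTokenGranter;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;

// Added example; AuthServerConfig is a hypothetical name.
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        // Build a client_credentials granter from the same collaborators
        // the default granters use, then enable refresh tokens on it.
        ClientCredentialsTokenGranter clientCredentials = new ClientCredentialsTokenGranter(
                endpoints.getTokenServices(),
                endpoints.getClientDetailsService(),
                endpoints.getOAuth2RequestFactory());
        clientCredentials.setAllowRefresh(true);

        // The default granters (authorization_code, refresh_token, and so on),
        // including the stock client_credentials granter with allowRefresh=false.
        TokenGranter defaults = endpoints.getTokenGranter();

        // CompositeTokenGranter returns the first non-null grant, and a granter
        // returns null for grant types it does not handle. The customized
        // granter therefore has to come before the defaults, or the stock
        // client_credentials granter would answer first and strip the token.
        endpoints.tokenGranter(new CompositeTokenGranter(
                Arrays.<TokenGranter>asList(clientCredentials, defaults)));
    }
}
```

The client must also list refresh_token among its authorized grant types; otherwise DefaultTokenServices never creates a refresh token and there is nothing for the granter to return. Because the spec discourages refresh tokens for this grant, give such clients a bounded refresh token validity.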