Shulou(Shulou.com)06/02 Report--

SpringSecurityOAuth2 how to customize token information, in view of this question, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and easy way.

OAuth3's default token returns a maximum of 5 parameters (only 4 in client_credentials mode without refresh_token). Here is an example of a return:

{"access_token": "1e93bc23-32c8-428f-a126-8206265e17b2", "token_type": "bearer", "refresh_token": "0f083e06-be1b-411f-98b0-72be8f1da8af", "expires_in": 3599, "scope": "auth api"}

Then the token we need may need to add custom parameters such as username:

{"access_token": "1e93bc23-32c8-428f-a126-8206265e17b2", "token_type": "bearer", "refresh_token": "0f083e06-be1b-411f-98b0-72be8f1da8af", "expires_in": 3599, "scope": "auth api", "username": "username"}

The specific steps to implement a custom token are as follows: create a new custom token with custom token information and return MyTokenEnhancer to implement the TokenEnhancer API to override the enhance method:

/ * * @ Description Custom token return value * @ Author wwz * @ Date 2019-07-31 * @ Param * @ Return * / public class MyTokenEnhancer implements TokenEnhancer {@ Override public OAuth3AccessToken enhance (OAuth3AccessToken accessToken, OAuth3Authentication authentication) {User user = (User) authentication.getPrincipal (); final Map additionalInfo = new HashMap (); additionalInfo.put ("username", user.getUsername ()); (DefaultOAuth3AccessToken) accessToken) .setAdditionalInformation (additionalInfo) Return accessToken;}}

Then add MyTokenEnhancer to the authentication service configuration AuthorizationServerEndpointsConfigurer. Highlight here because I specified defaultTokenServices () here, so I have to add configuration to this method.

Also, if you have generated an uncustomized token message, you need to delete the token in redis to test the results again, otherwise your results will always be wrong, because the token will not be regenerated if it has not expired.

This is the answer to the question about how to customize the token information in SpringSecurityOAuth2. I hope the above content can be of some help to you. If you still have a lot of doubts to solve, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.