Shulou(Shulou.com)06/02 Report--

This article is to share with you about how OAuth2.0 refreshes token in SpringBootSecurity, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Refresh token

The previous example and configuration are all about applying for authenticators and tokens from scratch. Now let's take a look at how to refresh tokens based on the refresh_token in the return parameter when you get a token. What is configured in the project is the default user name and password in memory mode. The first step is to change it to database query. For more information, please refer to the previous article to see the security configuration class:

Then modify the authorization service configuration class to configure userDetailsService in endpoints:

The way it is modified to a database is also to create a userDetailsService object against which user information is checked when the token is refreshed. This completes the configuration of the refresh token.

test

First, according to the previous normal process, apply for the authorization code, and then get the token:

One parameter in the return parameter is refresh_token, which is specifically used to refresh tokens. Let's take a look at how to refresh tokens. Refreshing tokens is the same as getting tokens, you need to access the same address by post:

/ oauth/token

The difference is that refreshing tokens requires four parameters:

Grant_type: the value must be refresh_token

Client_id

Client_secret

Refresh_token: the refresh_token in the return parameter when the token was last obtained

As you can see from the above four parameters, the only parameter that changes each time in the refresh token is refresh_token. Let's use the refresh_token obtained this time to refresh the token:

You can see that the result of refreshing the token is the same as getting the token from scratch. Replace the above parameters with the refresh_token returned in this refresh request, and you can refresh it again. You can try it a few more times if you are interested.

Code address: https://gitee.com/blueses/spring-boot-security 25

This is how OAuth2.0 refreshes token in SpringBootSecurity. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.