Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Customize Spring Security OAuth 2 Response

In my Java app, I'm using the Spring Security OAuth 2 library to implement an OAuth provider. The response to a successful authentication (for the authorization_code grant type) is something like:

{"access_token": "d179bf70-aa40-4df9-a3e1-440e835c273a", 
"expires_in": "43199", 
"refresh_token": "879e7bd0-5e0f-48a9-b64d-f61d5665bf4e", 
"scope": "read", 
"token_type": "bearer"}

Is there a way to add additional properties to this response, e.g. the user's name or email address?

like image 291
Antonio Dragos Avatar asked Apr 24 '15 14:04

Antonio Dragos


1 Answers

Spring OAuth2 allows you to put arbitrary values in the OAuth2AccessToken via its additionalInfo property. You can inject as much as you need in an AccessTokenConverter (which in turn can be added to the DefaultTokenServices easily via configuration callbacks). I'm not really sure why you need it though, and I would consider your use case carefully before sending additional values for consumption by clients (they are supposed to just use the token value, which is opaque).

like image 51
Dave Syer Avatar answered Nov 06 '22 13:11

Dave Syer