I created an authentication server and resource server. Both are working OK; the only problem is with the refresh token. I would like it to change after calling POST /oauth/token with grant_type=refresh_token; however, Spring returns the same refresh token.
I am wondering if there is a way to get a new refresh token when calling the OAuth endpoint to refresh the access token?
By taking a look at the refreshAccessToken method in the DefaultTokenServices class:
    public OAuth2AccessToken refreshAccessToken(String refreshTokenValue,
                                                TokenRequest tokenRequest) {
        // Omitted
        if (!reuseRefreshToken) {
            tokenStore.removeRefreshToken(refreshToken);
            refreshToken = createRefreshToken(authentication);
        }
        // Omitted
    }
You should somehow set the reuseRefreshToken flag to false. You can do that in your AuthorizationServerConfigurerAdapter implementation:
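    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
        // Other methods
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            // Issue a new refresh token on every refresh_token grant instead of reusing the old one
            endpoints
                .reuseRefreshTokens(false);
        }
    }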
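The following check is an added example, not part of the original answer or of Spring's own code. It drives DefaultTokenServices directly with an InMemoryTokenStore to confirm that, with reuse disabled, a refresh returns a new refresh token and the old one is rejected afterwards. It assumes the legacy spring-security-oauth2 library is on the classpath; the class name, client id "demo-client" and user "alice" are constructed sample values.

```java
import java.util.Collections;
import java.util.Map;
import java.util.Set;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

public class RefreshTokenRotationCheck {
    public static void main(String[] args) {
        InMemoryTokenStore store = new InMemoryTokenStore();
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(store);
        services.setSupportRefreshToken(true);
        // Same flag that endpoints.reuseRefreshTokens(false) sets on the server
        services.setReuseRefreshToken(false);

        // Constructed sample client and user (assumptions for this example)
        String clientId = "demo-client";
        Set<String> scope = Collections.singleton("read");
        Map<String, String> params = Collections.emptyMap();
        OAuth2Request stored = new OAuth2Request(params, clientId, null, true,
                scope, null, null, null, null);
        OAuth2Authentication auth = new OAuth2Authentication(stored,
                new UsernamePasswordAuthenticationToken("alice", "N/A",
                        AuthorityUtils.createAuthorityList("ROLE_USER")));

        // Initial grant, then one refresh_token grant
        String first = services.createAccessToken(auth).getRefreshToken().getValue();
        TokenRequest refresh = new TokenRequest(params, clientId, scope, "refresh_token");
        String second = services.refreshAccessToken(first, refresh).getRefreshToken().getValue();

        check(!first.equals(second), "refresh token was not rotated");
        check(store.readRefreshToken(first) == null, "old refresh token still in store");
        check(store.readRefreshToken(second) != null, "new refresh token missing");

        // Presenting the rotated-out token again must fail
        try {
            services.refreshAccessToken(first, refresh);
            throw new IllegalStateException("old refresh token was accepted");
        } catch (InvalidGrantException expected) {
            System.out.println("old refresh token rejected: rotation is active");
        }
    }

    static void check(boolean ok, String msg) {
        if (!ok) throw new IllegalStateException(msg);
    }
}
```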