Spring OAuth2 refresh token to change after refreshing access token

I created an authentication server and a resource server, and both are working OK. The only problem is with the refresh token: I would like it to change after calling POST /oauth/token with grant_type=refresh_token; however, Spring returns the same refresh token.

I am wondering if there is a way to get a new refresh token when calling the OAuth endpoint to refresh the access token?

nspessot asked Nov 30 '16 03:11


1 Answer

By taking a look at the refreshAccessToken method in the DefaultTokenServices class:

public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, 
                                            TokenRequest tokenRequest) {

    // Omitted
    if (!reuseRefreshToken) {
        tokenStore.removeRefreshToken(refreshToken);
        refreshToken = createRefreshToken(authentication);
    }
    // Omitted
}

You should somehow set the reuseRefreshToken flag to false. You can do that in your AuthorizationServerConfigurerAdapter implementation:

@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
    // Other methods

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .reuseRefreshTokens(false);
    }
}
Ali Dehghani answered Oct 12 '22 01:10
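
An added example, not part of the answer above and not Spring's own code: a simplified in-memory model of the reuseRefreshToken branch, showing that with the flag set to false the original refresh token stops being accepted once it has been used. The class name, the map-backed store and the IllegalArgumentException are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Simplified in-memory model (NOT Spring's code) of the reuseRefreshToken branch quoted above.
public class RefreshRotationDemo {
    // refresh token value -> user name; stands in for the TokenStore
    private final Map<String, String> refreshTokens = new HashMap<>();
    private final boolean reuseRefreshToken;

    RefreshRotationDemo(boolean reuseRefreshToken) {
        this.reuseRefreshToken = reuseRefreshToken;
    }

    String issue(String user) {
        String value = UUID.randomUUID().toString();
        refreshTokens.put(value, user);
        return value;
    }

    // Returns {accessToken, refreshToken}; rejects refresh tokens the store no longer knows.
    String[] refresh(String refreshTokenValue) {
        String user = refreshTokens.get(refreshTokenValue);
        if (user == null) {
            throw new IllegalArgumentException("Invalid refresh token");
        }
        String refreshToken = refreshTokenValue;
        if (!reuseRefreshToken) {
            refreshTokens.remove(refreshTokenValue);   // old value is dead from here on
            refreshToken = issue(user);                // client must store the new one
        }
        return new String[] { UUID.randomUUID().toString(), refreshToken };
    }

    public static void main(String[] args) {
        for (boolean reuse : new boolean[] { true, false }) {
            RefreshRotationDemo server = new RefreshRotationDemo(reuse);
            String first = server.issue("alice");      // constructed sample user
            String second = server.refresh(first)[1];
            System.out.println("reuse=" + reuse + " sameRefreshToken=" + first.equals(second));
            try {
                server.refresh(first);                 // present the original token again
                System.out.println("  original refresh token still accepted");
            } catch (IllegalArgumentException e) {
                System.out.println("  original refresh token rejected: " + e.getMessage());
            }
        }
    }
}
```

With rotation enabled, a client must persist the refresh token from every refresh response, because the previous value is removed from the store.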