In the [previous post] we saw that when the third party approves an authorization, it calls our redirectUri to deliver a return receipt to our server. Our server receives an intermediate authorization credential and authenticates again in order to obtain a Token. That logic is the responsibility of OAuth2LoginAuthenticationProvider, and the analysis in the [previous article] showed that the actual work of obtaining the Token is done by OAuth2AuthorizationCodeAuthenticationProvider. Today we make that process clear and look at the specific steps Spring Security OAuth2 takes to obtain a Token.
Note: The OAuth2 related part of this tutorial series is using Spring Security 5.x version.
This class is an implementation of AuthenticationProvider for the Authorization Code Grant pattern of OAuth 2.0. A quick note about AuthenticationProvider: it is very important! Be sure to read the earlier analysis and usage notes, because it is the main entry point for extending the available authentication methods to suit your business.
This implementation holds an OAuth2AccessTokenResponseClient member variable that abstracts the details of obtaining a Token from the authentication server via the tokenUri endpoint. You can implement it for each of the four grant patterns commonly used in OAuth 2.0, so that the Token is obtained according to the appropriate policy.
The default configuration for OAuth 2.0 login in Spring Security 5 uses DefaultAuthorizationCodeTokenResponseClient. If you want to use a custom implementation, you can configure it via
Next we look at the logic for obtaining the Token as implemented by
- organize the parameters and use RestOperations to initiate the request.
- parse the ResponseEntity to organize the return value.
If an OAuth 2.0 authentication server issues the Token in a special way, you can implement your own.
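As an added example (not code from the original article or from Spring Security itself), here is a custom OAuth2AccessTokenResponseClient for a hypothetical authentication server that nests the token fields under a "data" key and omits token_type; it follows the same three steps as the default client. The class name and the "data" wrapper are assumptions.

```java
import java.util.*;

import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.*;
import org.springframework.security.oauth2.client.endpoint.*;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.core.endpoint.*;
import org.springframework.util.*;
import org.springframework.web.client.*;

// Hypothetical server: token fields are nested under "data" and token_type is omitted (assumption).
public class WrappedJsonTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
    private final RestOperations restOperations = new RestTemplate();

    @Override
    public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest grantRequest) {
        ClientRegistration registration = grantRequest.getClientRegistration();
        OAuth2AuthorizationExchange exchange = grantRequest.getAuthorizationExchange();

        // 1. organize the parameters; redirect_uri must repeat the value sent in the authorization request
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
        form.add(OAuth2ParameterNames.CODE, exchange.getAuthorizationResponse().getCode());
        form.add(OAuth2ParameterNames.REDIRECT_URI, exchange.getAuthorizationRequest().getRedirectUri());
        form.add(OAuth2ParameterNames.CLIENT_ID, registration.getClientId());
        form.add(OAuth2ParameterNames.CLIENT_SECRET, registration.getClientSecret());
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));

        // 2. use RestOperations to POST the form to tokenUri
        ResponseEntity<Map<String, Object>> response = restOperations.exchange(
                registration.getProviderDetails().getTokenUri(), HttpMethod.POST,
                new HttpEntity<>(form, headers), new ParameterizedTypeReference<Map<String, Object>>() {});

        // 3. parse the ResponseEntity into the OAuth2AccessTokenResponse the provider expects
        Map<String, Object> body = response.getBody();
        if (body == null || body.get("data") == null) {   // error response or unexpected shape: fail closed
            throw new OAuth2AuthorizationException(new OAuth2Error("invalid_token_response"));
        }
        @SuppressWarnings("unchecked")
        Map<String, Object> data = (Map<String, Object>) body.get("data");
        Number expiresIn = (Number) data.get(OAuth2ParameterNames.EXPIRES_IN);
        return OAuth2AccessTokenResponse.withToken((String) data.get(OAuth2ParameterNames.ACCESS_TOKEN))
                .tokenType(OAuth2AccessToken.TokenType.BEARER)                 // this server omits token_type
                .expiresIn(expiresIn == null ? 0 : expiresIn.longValue())
                .refreshToken((String) data.get(OAuth2ParameterNames.REFRESH_TOKEN))
                .build();
    }
}
```

Register it with http.oauth2Login().tokenEndpoint().accessTokenResponseClient(...) to replace the default client. Note that a 4xx from tokenUri makes the default RestTemplate throw a RestClientException rather than an OAuth2AuthorizationException, so wrap the exchange() call in a try/catch, as DefaultAuthorizationCodeTokenResponseClient does, if your callers expect the latter.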
OAuth2AccessTokenResponseClient is the core of OAuth2AuthorizationCodeAuthenticationProvider; once its role and mechanism are clear, the rest follows. Here we summarize the OAuth2AuthorizationCodeAuthenticationProvider authentication process:
- check the status of the unauthenticated OAuth2AuthorizationCodeAuthenticationToken
- request the Token and other information from the OAuth 2.0 authentication server through the OAuth2AccessTokenResponseClient
- assemble the authenticated OAuth2AuthorizationCodeAuthenticationToken and return it.