- OAuth 2.0 Cookbook
- Adolfo Eloy Nascimento
- 173 words
- 2021-07-08 09:35:11
There's more...
As presented by this recipe, the grant types allowed for using refresh tokens are the Authorization Code and Password grant types. Notice that both grant types are aimed at confidential clients. That is, applications capable of using both described grant types are client types that are able to store confidential data in a safe manner. When working with public clients, you are not supposed to use refresh tokens, because public clients can't store the refresh token safely.
The request for an access token when using refresh tokens must also be encrypted with SSL/TLS, as mentioned before for any interaction between the OAuth 2.0 Provider and the client.
If you are using a custom UserDetailsService, you have to inject it into the AuthorizationServer configuration class and set the UserDetailsService property of AuthorizationServerEndpointsConfigurer (the same way we did for AuthenticationManager). This has to be set up because, when trying to refresh an access token, the Resource Owner could have redefined her credentials, which could invalidate the permission granted before.