- OAuth 2.0 Cookbook
- Adolfo Eloy Nascimento
- 173 words
- 2021-07-08 09:35:11
There's more...
As presented by this recipe, the grant types that allow the use of refresh tokens are the Authorization Code and Password grant types. Notice that both grant types are aimed at confidential clients. That is, applications able to use these two grant types are clients that can store confidential data safely. When working with public clients, you are not supposed to use refresh tokens, because public clients can't store the refresh token safely.
Like any interaction between the OAuth 2.0 Provider and the client, the request for an access token using a refresh token must be protected by SSL/TLS, as mentioned before.
If you are using a custom UserDetailsService, you have to inject it into the AuthorizationServer configuration class and set the UserDetailsService property on AuthorizationServerEndpointsConfigurer (the same way we did for AuthenticationManager). This is required because, by the time the client tries to refresh an access token, the Resource Owner could have redefined her credentials, which could invalidate the permission granted before.
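The wiring described above, as an added example that is not code from the book: it assumes the legacy Spring Security OAuth2 library, and the client ID, secret, scope, redirect URI and token lifetimes are constructed placeholders.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    // Needed for the Password grant type.
    @Autowired
    private AuthenticationManager authenticationManager;

    // The custom UserDetailsService bean (assumed to be defined elsewhere).
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints
            .authenticationManager(authenticationManager)
            // Lets the server look the Resource Owner up again on a
            // refresh_token request instead of trusting the original login.
            .userDetailsService(userDetailsService);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("clientapp")            // constructed client ID
            // Placeholder secret; encode it for the PasswordEncoder in use.
            .secret("change-me")
            // Only the two grant types named in the recipe, plus refresh_token.
            .authorizedGrantTypes("authorization_code", "password", "refresh_token")
            .scopes("read_profile")             // constructed scope
            .redirectUris("https://client.example/callback")
            .accessTokenValiditySeconds(120)    // short-lived access token
            .refreshTokenValiditySeconds(3000); // longer-lived refresh token
    }
}
```

If the userDetailsService call is left out while a custom UserDetailsService is in use, the authorization server has no way to reload the Resource Owner when it handles a refresh_token request.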