- OAuth 2.0 Cookbook
- Adolfo Eloy Nascimento
- 2021-07-08 09:35:11
There's more...
As presented by this recipe, the grant types allowed to use refresh tokens are the Authorization Code and Password grant types. Notice that both grant types are aimed at confidential clients, that is, client types that are able to store confidential data in a safe manner. When working with public clients, you are not supposed to use refresh tokens, because public clients can't store the refresh token safely.
The request for an access token when using refresh tokens must also be encrypted by SSL/TLS, as mentioned before for any interaction between the OAuth 2.0 Provider and the client.
If you are using a custom UserDetailsService, you have to inject it into the AuthorizationServer configuration class and set the UserDetailsService property on AuthorizationServerEndpointsConfigurer (the same way we did for AuthenticationManager). This has to be set up because, when a client tries to refresh an access token, the Resource Owner could have redefined her credentials, which could invalidate the permission granted before.