spring-security - 如何在 OAUTH 2.0 中设置 expire_in？

Question

我正在使用 OAuth 2.0使用 spring 生成 token ，我想设置 expire_in手动，以便 token 可以根据我的标准过期。有人帮我吗？

这是我的回应:

{
    access_token: "c7a6cb95-1506-40e7-87d1-ddef0a239f64"
    token_type: "bearer"
    expires_in: 43199
    scope: "read"
}

Answer 1

它可以用 ClientBuilder 设置从 ClientDetailsServiceConfigurer 获得.

@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("client")
            .secret("secret")
            .authorizedGrantTypes("authorization_code", "refresh_token", "password")
            .scopes("app")
            .accessTokenValiditySeconds(30);
    }

    // ... additional configuration
}

或直接上 DefaultTokenServices取决于您的需要。

@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

        // optionally here you could just get endpoints.getConsumerTokenService()
        // and cast to DefaultTokenServices and just set values needed

        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setTokenStore(endpoints.getTokenStore());
        tokenServices.setSupportRefreshToken(true);
        tokenServices.setClientDetailsService(endpoints.getClientDetailsService());
        tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer());
        tokenServices.setAccessTokenValiditySeconds(60);

        endpoints.tokenServices(tokenServices);            
    }
}