OAuth2 -- Returning custom parameters with access token grant

  • OAuth2 -- Returning custom parameters with access token grant

    The final spec seems to indicate that the access token grant response can include custom parameters sent back to the client:

    Section 5.1 shows a sample successful response as:
    HTTP/1.1 200 OK
    Content-Type: application/json;charset=UTF-8
    Cache-Control: no-store
    Pragma: no-cache

    Is there any way to do this with the current implementation? Looking at the TokenEndpoint, the response is generated using the following method, which doesn't seem to provide for custom parameters or extension:

    private ResponseEntity<OAuth2AccessToken> getResponse(OAuth2AccessToken accessToken) {
        // Token responses must not be cached by the client or by intermediaries
        HttpHeaders headers = new HttpHeaders();
        headers.set("Cache-Control", "no-store");
        headers.set("Pragma", "no-cache");
        return new ResponseEntity<OAuth2AccessToken>(accessToken, headers, HttpStatus.OK);
    }

  • #2
    That method isn't supposed to modify the OAuth2AccessToken. When the token is generated you have the option to add additional stuff - look at TokenEnhancer and AuthorizationRequestManager for the main strategies.


    • #3
      That worked. I extended TokenEnhancer and overrode enhance() to add the additional information into the returned OAuth2AccessToken.
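
An added example (not part of the original thread and not the project's own code) of the approach described in #2 and #3: a TokenEnhancer that puts custom parameters into the token's additional information and rejects names that RFC 6749 section 5.1 already defines. The class name and the custom parameter names and values are hypothetical, and the calls assume a Spring Security OAuth release that provides DefaultOAuth2AccessToken and this TokenEnhancer signature.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;

// Hypothetical class name; register it on the token services in use,
// e.g. DefaultTokenServices.setTokenEnhancer(...).
public class CustomParameterTokenEnhancer implements TokenEnhancer {

    // Response parameters defined by RFC 6749 section 5.1; custom entries must not shadow them.
    private static final Set<String> RESERVED = new HashSet<String>(Arrays.asList(
            "access_token", "token_type", "expires_in", "refresh_token", "scope"));

    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,
                                     OAuth2Authentication authentication) {
        // Start from whatever an earlier enhancer may already have added.
        Map<String, Object> existing = accessToken.getAdditionalInformation();
        Map<String, Object> extra = new LinkedHashMap<String, Object>();
        if (existing != null) {
            extra.putAll(existing);
        }

        // Every entry is serialized into the token response and is therefore
        // readable by the client: include identifiers only, never secrets.
        putChecked(extra, "user_name", authentication.getName()); // hypothetical parameter
        putChecked(extra, "organization", "example-org");         // constructed sample value

        // Copy rather than mutate, so the method also works if the token
        // passed in is not a DefaultOAuth2AccessToken.
        DefaultOAuth2AccessToken enhanced = new DefaultOAuth2AccessToken(accessToken);
        enhanced.setAdditionalInformation(extra);
        return enhanced;
    }

    private static void putChecked(Map<String, Object> target, String name, Object value) {
        if (RESERVED.contains(name)) {
            throw new IllegalArgumentException(
                    "Custom token parameter collides with a standard OAuth2 parameter: " + name);
        }
        target.put(name, value);
    }
}
```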