  • OAuth2 -- Returning custom parameters with access token grant

    The final spec seems to indicate that the access token grant response can include custom parameters sent back to the client:

    Section 5.1 shows a sample successful response as:
    HTTP/1.1 200 OK
    Content-Type: application/json;charset=UTF-8
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"2YotnFZFEjr1zCsicMWpAA",
      "token_type":"example",
      "expires_in":3600,
      "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
      "example_parameter":"example_value"
    }

    Is there any way to do this with the current implementation? Looking at the TokenEndpoint, the response is generated using the following method, which doesn't seem to provide for custom parameters or extension:

    Code:
    private ResponseEntity<OAuth2AccessToken> getResponse(OAuth2AccessToken accessToken) {
        HttpHeaders headers = new HttpHeaders();
        headers.set("Cache-Control", "no-store");
        headers.set("Pragma", "no-cache");
        return new ResponseEntity<OAuth2AccessToken>(accessToken, headers, HttpStatus.OK);
    }

  • #2
    That method isn't supposed to modify the OAuth2AccessToken. When the token is generated you have the option to add additional stuff - look at TokenEnhancer and AuthorizationRequestManager for the main strategies.


    • #3
      That worked. I extended TokenEnhancer and overrode enhance() to add the additional information into the returned OAuth2AccessToken.

      Thanks!