Announcement Announcement Module
No announcement yet.
Availability of OAuth2AccessToken additional information within resource server Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Availability of OAuth2AccessToken additional information within resource server

    I have a separate auth server and resource server. In the auth server, I set additional information on the token, which I would like to read back in the resource server. The only way I can see to do this is to load the OAuth2AccessToken like so:
     OAuth2AccessToken accessToken = tokenStore.getAccessToken((OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication());
     Map<String, Object> additionalInformation = accessToken.getAdditionalInformation();
    However, this seems redundant since the DefaultTokenServices has already loaded the OAuth2AccessToken as part of the authentication process (called from OAuth2AuthenticationManager):
        public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException {
            OAuth2AccessToken accessToken = tokenStore.readAccessToken(accessTokenValue);
            OAuth2Authentication result = tokenStore.readAuthentication(accessToken);
            return result;
    It would be better to have the token's additional information available in the OAuth2Authentication object, but I don't see it there. Am I missing something, or should this be an enhancement request?

    Thank you.

  • #2
    I should mention that I"m using version 1.0.5.RELEASE. I'm not sure if this is set to change in 2.0.