
Commit 5482cbb

Customize opaque access token with user's claims
1 parent 82a6b1f commit 5482cbb


1 file changed

+20
-1
lines changed

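--- a/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SecurityConfig.java
+++ b/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SecurityConfig.java
@@ -28,6 +28,7 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsContext;
 
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.RSAKey;
@@ -116,11 +117,29 @@ private static KeyPair generateRsaKey() {
 
 Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
 
+@Bean
+public OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer() {
+logger.info("Creating accessTokenCustomizer ...");
+return (context) -> {
+logger.info("Calling accessTokenCustomizer with tokenType: {}", context.getTokenType().getValue());
+AbstractAuthenticationToken principal = context.getPrincipal();
+logger.info("registered client: {}", context.getRegisteredClient());
+logger.info("principal : {}", principal);
+logger.info("token format : {} ",
+context.getRegisteredClient().getTokenSettings().getAccessTokenFormat().getValue());
+logger.info("authorities : {}", principal.getAuthorities());
+logger.info("authorized scopes : {}", context.getAuthorizedScopes());
+
+context.getClaims()
+.audience(AudienceAuthority.getAll(principal))
+.claim("extra_scope", ScopeAuthority.getAuthorites(principal));
+};
+}
 @Bean
 public OAuth2TokenCustomizer<JwtEncodingContext> jwtTokenCustomizer() {
 logger.info("Creating jwtTokenCustomizer ...");
 return (context) -> {
-logger.info("Calling jwtTokenCustomizer with tokenType: {}", context.getTokenType());
+logger.info("Calling jwtTokenCustomizer with tokenType: {}", context.getTokenType().getValue());
 if (OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
 AbstractAuthenticationToken principal = context.getPrincipal();
 logger.info("registered client: {}", context.getRegisteredClient());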
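Review bot: In `accessTokenCustomizer`, the `aud` and `extra_scope` claims are filled from the principal's authorities alone; `context.getAuthorizedScopes()` is logged two lines earlier but never consulted, so the opaque token may carry scopes and audiences that were not part of what the client was authorised for. `AudienceAuthority` and `ScopeAuthority` are defined outside this diff, so whether they already filter is not visible here; if they do not, this is presumably intentional for the selenium fixture and worth stating above the `context.getClaims()` call, e.g. `// test fixture: aud and extra_scope mirror the user's authorities, independent of the authorized scopes`. The per-token `logger.info` calls that print the principal and the registered client would also sit better at debug level, e.g. `logger.debug("principal : {}", principal);`, so identity details are not written to the log on every issuance.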
