OAuth2 different token expiration time per client

java oauth-2.0 spring-security spring-security-oauth2

I am using spring-security-oauth2 to implement my OAuth2 Authorization server. spring-security-oauth2 is going away and I understand I need to replace it with spring-authorization-server

Question: Is it possible to have different token-expiry-time for different clients (here client represents client-id/client-secret pair)?

If Yes, can you please share documentation/sample code around spring-authorization-server?

If no, is it a limitation of spring-authorization-server OR it is not allowed by OAuth2 spec?

(To clarify, I am NOT saying that it was possible in spring-security-oauth2, if it was I would like to know as well)


Solution 1:

Yes, you can have different expiration times per client. You would use the tokenSettings of each RegisteredClient, as in the following example:

RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("messaging-client")
                .clientSecret("{noop}secret")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
                .redirectUri("http://127.0.0.1:8080/authorized")
                .scope(OidcScopes.OPENID)
                .scope("message.read")
                .scope("message.write")
                .tokenSettings(TokenSettings.builder()
                        .accessTokenTimeToLive(Duration.ofMinutes(5))
                        .refreshTokenTimeToLive(Duration.ofHours(2))
                        .build())
                .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
                .build();

See the sample config for full context.

Related

Tkinter: How to detect screen size and change text size of Labels?
Can't copy media to iPad through iTunes File Sharing because not enough free space is available
What is the current state of syncing Google Tasks and iOS Reminders?
Is there a way to temporarily pause iCloud sync of photos?
"The disk you inserted was not readable by this computer." How do I access info on USB flashdrive?
Only use part of screen?
What SSL VPN client do you recommend for the mac? [closed]
cannot install iOS 7.1 simulator for Xcode 6 (weird file mounting error)
Application specific do not disturb
Safari 8.0 on Yosemite doesn't kill closed tab processes, hogs memory
External Apple USB keyboard, Shift+Tab and Command+Shift+Tab doesn't work
Can spotlight do Int > Hex conversion ?