
I'm trying to configure Spring OAuth2 to return a refresh token, but it's not present in the response. Below is my config:

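/**
 * Registers the single in-memory OAuth2 client identified by {@code CRAZY_FRONT_CLIENT_ID}.
 *
 * <p>The client is allowed the {@code refresh_token}, {@code client_credentials} and
 * {@code password} grants and the scopes {@code read}, {@code write} and {@code trust}.
 * Listing {@code refresh_token} here only permits the refresh grant; a
 * {@code client_credentials} request is still not expected to receive a refresh token
 * (RFC 6749 section 4.4.3: "A refresh token SHOULD NOT be included").
 *
 * @param clients configurer used to register client details
 * @throws Exception declared by the overridden configurer method
 */
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    // The builder chain is used as a statement: the previously assigned local was never read,
    // and the chain was missing its terminating semicolon.
    clients.inMemory()
            .withClient(CRAZY_FRONT_CLIENT_ID)
            // NOTE(review): the client secret is a literal in source, so anyone who can read the
            // repository or the built artifact can authenticate as this client. Supply it from
            // external configuration or a secret store, and register it in encoded form if the
            // configured PasswordEncoder expects one (confirm for the Spring Security version
            // in use).
            .secret("yuyuyu")
            // NOTE(review): "password" lets this client handle end-user credentials directly;
            // keep it only if the client is first-party and trusted with them.
            .authorizedGrantTypes("refresh_token", "client_credentials", "password")
            .scopes("read", "write", "trust")
            // Client-specific refresh-token lifetime in seconds. Presumably this overrides the
            // token-services default only when the token services are given the
            // ClientDetailsService. TODO confirm.
            .refreshTokenValiditySeconds(500);
}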

/**
 * Builds the primary {@link DefaultTokenServices} bean.
 *
 * <p>Tokens are kept in the store returned by {@code tokenStore()} and enhanced by
 * {@code accessTokenConverter()}. Refresh tokens are supported and reused, and both the
 * access-token and refresh-token lifetimes are set to {@code TEN_DAYS} (defined elsewhere;
 * presumably ten days expressed in seconds).
 *
 * @return the configured token services
 */
@Bean
@Primary
public DefaultTokenServices tokenServices() {
    final DefaultTokenServices services = new DefaultTokenServices();

    // Where tokens are stored and how they are enriched before being returned.
    services.setTokenStore(tokenStore());
    services.setTokenEnhancer(accessTokenConverter());

    // NOTE(review): the access token lives as long as the refresh token, so refreshing never
    // shortens the exposure of a leaked bearer token. A much shorter access-token lifetime is
    // the usual choice.
    services.setAccessTokenValiditySeconds(TEN_DAYS);
    services.setRefreshTokenValiditySeconds(TEN_DAYS);

    // Refresh tokens are enabled and reused rather than replaced on each refresh.
    // NOTE(review): with reuse on, a stolen refresh token stays valid for its whole lifetime.
    // setReuseRefreshToken(false) rotates it on every use.
    services.setSupportRefreshToken(true);
    services.setReuseRefreshToken(true);

    return services;
}

and the response I'm getting is:

{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJyZWFkIiwid3JpdGUiLCJ0cnVzdCJdLCJleHAiMDU5MTIsImp0aSI6IjY4MDMwOTMyLTgxNzMtNGExMi05OTE0LWExMTYIsImNsaWVudF9pZCI6ImNyYXp5LWZyb250In0.xHjBl_IFENbqGOtjZouJAI_HjHuQyNS3SOOsnJh5LzU",
    "token_type": "bearer",
    "expires_in": 863999,
    "scope": "read write trust",
    "jti": "68030932-8173-4a12-9914-a116541e6ea8"
}

The request is sent with grant_type=client_credentials.


1 Answer


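That is most probably because Spring OAuth 2.0 follows the OAuth 2.0 specification, which says in section 4.4.3 (https://www.rfc-editor.org/rfc/rfc6749#section-4.4.3) for the Client Credentials grant type the following. With this grant the client can obtain a new access token by authenticating again with its own credentials, so a refresh token adds nothing.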

... A refresh token SHOULD NOT be included. ...
