4 years ago · bf24cfb19e
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken2.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken2.java
@@ -0,0 +1,40 @@
 
				+/*
			
 
				+ * Copyright 2020 the original author or authors.
			
 
				+ *
			
 
				+ * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				+ * you may not use this file except in compliance with the License.
			
 
				+ * You may obtain a copy of the License at
			
 
				+ *
			
 
				+ *      https://www.apache.org/licenses/LICENSE-2.0
			
 
				+ *
			
 
				+ * Unless required by applicable law or agreed to in writing, software
			
 
				+ * distributed under the License is distributed on an "AS IS" BASIS,
			
 
				+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
			
 
				+ * See the License for the specific language governing permissions and
			
 
				+ * limitations under the License.
			
 
				+ */
			
 
				+package org.springframework.security.oauth2.core;
			
 
				+
			
 
				+import java.time.Instant;
			
 
				+
			
 
				+/**
			
 
				+ * TODO
			
 
				+ * This class is temporary and will be removed after upgrading to Spring Security 5.5.0 GA.
			
 
				+ *
			
 
				+ * @author Joe Grandja
			
 
				+ * @since 0.0.3
			
 
				+ * @see <a target="_blank" href="https://github.com/spring-projects/spring-security/pull/9146">Issue gh-9146</a>
			
 
				+ */
			
 
				+public class OAuth2RefreshToken2 extends OAuth2RefreshToken {
			
 
				+	private final Instant expiresAt;
			
 
				+
			
 
				+	public OAuth2RefreshToken2(String tokenValue, Instant issuedAt, Instant expiresAt) {
			
 
				+		super(tokenValue, issuedAt);
			
 
				+		this.expiresAt = expiresAt;
			
 
				+	}
			
 
				+
			
 
				+	@Override
			
 
				+	public Instant getExpiresAt() {
			
 
				+		return this.expiresAt;
			
 
				+	}
			
 
				+}
			
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenIssuerUtil.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenIssuerUtil.java
@@ -18,6 +18,7 @@ package org.springframework.security.oauth2.server.authorization.authentication;
 
				 import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
			
 
				 import org.springframework.security.crypto.keygen.StringKeyGenerator;
			
 
				 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
			
 
				+import org.springframework.security.oauth2.core.OAuth2RefreshToken2;
			
 
				 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
			
 
				 import org.springframework.security.oauth2.jose.JoseHeader;
			
 
				 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
			
@@ -72,6 +73,6 @@ class OAuth2TokenIssuerUtil {
 
				 		Instant issuedAt = Instant.now();
			
 
				 		Instant expiresAt = issuedAt.plus(refreshTokenTimeToLive);
			
 
				 
			
 
				-		return new OAuth2RefreshToken(TOKEN_GENERATOR.generateKey(), issuedAt, expiresAt);
			
 
				+		return new OAuth2RefreshToken2(TOKEN_GENERATOR.generateKey(), issuedAt, expiresAt);
			
 
				 	}
			
 
				 }
			
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2Tokens.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2Tokens.java
@@ -19,6 +19,7 @@ import org.springframework.lang.Nullable;
 
				 import org.springframework.security.oauth2.core.AbstractOAuth2Token;
			
 
				 import org.springframework.security.oauth2.core.OAuth2AccessToken;
			
 
				 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
			
 
				+import org.springframework.security.oauth2.core.OAuth2RefreshToken2;
			
 
				 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
			
 
				 import org.springframework.security.oauth2.server.authorization.Version;
			
 
				 import org.springframework.util.Assert;
			
@@ -64,7 +65,8 @@ public class OAuth2Tokens implements Serializable {
 
				 	 */
			
 
				 	@Nullable
			
 
				 	public OAuth2RefreshToken getRefreshToken() {
			
 
				-		return getToken(OAuth2RefreshToken.class);
			
 
				+		OAuth2RefreshToken refreshToken = getToken(OAuth2RefreshToken.class);
			
 
				+		return refreshToken != null ? refreshToken : getToken(OAuth2RefreshToken2.class);
			
 
				 	}
			
 
				 
			
 
				 	/**
			
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/TestOAuth2Authorizations.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/TestOAuth2Authorizations.java
@@ -17,6 +17,7 @@ package org.springframework.security.oauth2.server.authorization;
 
				 
			
 
				 import org.springframework.security.oauth2.core.OAuth2AccessToken;
			
 
				 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
			
 
				+import org.springframework.security.oauth2.core.OAuth2RefreshToken2;
			
 
				 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
			
 
				 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
			
 
				 import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
			
@@ -48,7 +49,7 @@ public class TestOAuth2Authorizations {
 
				 				"code", Instant.now(), Instant.now().plusSeconds(120));
			
 
				 		OAuth2AccessToken accessToken = new OAuth2AccessToken(
			
 
				 				OAuth2AccessToken.TokenType.BEARER, "access-token", Instant.now(), Instant.now().plusSeconds(300));
			
 
				-		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken(
			
 
				+		OAuth2RefreshToken refreshToken = new OAuth2RefreshToken2(
			
 
				 				"refresh-token", Instant.now(), Instant.now().plus(1, ChronoUnit.HOURS));
			
 
				 		OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
			
 
				 				.authorizationUri("https://provider.com/oauth2/authorize")
			
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
@@ -23,6 +23,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 
				 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
			
 
				 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
			
 
				 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
			
 
				+import org.springframework.security.oauth2.core.OAuth2RefreshToken2;
			
 
				 import org.springframework.security.oauth2.jose.JoseHeaderNames;
			
 
				 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
			
 
				 import org.springframework.security.oauth2.jwt.Jwt;
			
@@ -291,7 +292,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
				 	public void authenticateWhenExpiredRefreshTokenThenThrowOAuth2AuthenticationException() {
			
 
				 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
			
 
				 		OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
			
 
				-		OAuth2RefreshToken expiredRefreshToken = new OAuth2RefreshToken(
			
 
				+		OAuth2RefreshToken expiredRefreshToken = new OAuth2RefreshToken2(
			
 
				 				"expired-refresh-token", Instant.now().minusSeconds(120), Instant.now().minusSeconds(60));
			
 
				 		OAuth2Tokens tokens = OAuth2Tokens.from(authorization.getTokens()).refreshToken(expiredRefreshToken).build();
			
 
				 		authorization = OAuth2Authorization.from(authorization).tokens(tokens).build();