spring-authorization-server/docs/modules/ROOT/pages/guides/how-to-redis.adoc

[[how-to-redis]]
= How-to: Implement core services with Redis
:index-link: ../how-to.html
:docs-dir: ..

This guide shows how to implement the xref:core-model-components.adoc[core services] of xref:index.adoc[Spring Authorization Server] with https://redis.io/[Redis].
The purpose of this guide is to provide a starting point for implementing these services yourself, with the intention that you can make modifications to suit your needs.

* xref:guides/how-to-redis.adoc#define-entity-model[Define the entity model]
* xref:guides/how-to-redis.adoc#create-spring-data-repositories[Create Spring Data repositories]
* xref:guides/how-to-redis.adoc#implement-core-services[Implement core services]
* xref:guides/how-to-redis.adoc#configure-core-services[Configure core services]

TIP: The code samples provided in this guide are located in the https://github.com/spring-projects/spring-authorization-server/tree/main/docs/src/main/java/sample[documentation samples] directory under the *_redis_* subdirectory.

[[define-entity-model]]
== Define the entity model

The following defines the entity model representation for the `RegisteredClient`, `OAuth2Authorization` and `OAuth2AuthorizationConsent` domain classes.

* xref:guides/how-to-redis.adoc#registered-client-entity[Registered Client Entity]
* xref:guides/how-to-redis.adoc#authorization-grant-entity[Authorization Grant _Base_ Entity]
* xref:guides/how-to-redis.adoc#oauth2-authorization-code-grant-entity[Authorization Code Grant Entity (OAuth 2.0)]
* xref:guides/how-to-redis.adoc#oidc-authorization-code-grant-entity[Authorization Code Grant Entity (OpenID Connect 1.0)]
* xref:guides/how-to-redis.adoc#client-credentials-grant-entity[Client Credentials Grant Entity]
* xref:guides/how-to-redis.adoc#device-code-grant-entity[Device Code Grant Entity]
* xref:guides/how-to-redis.adoc#token-exchange-grant-entity[Token Exchange Grant Entity]
* xref:guides/how-to-redis.adoc#authorization-consent-entity[Authorization Consent Entity]

[[registered-client-entity]]
=== Registered Client Entity

The following listing shows the `OAuth2RegisteredClient` entity, which is used to persist information mapped from the xref:core-model-components.adoc#registered-client[`RegisteredClient`] domain class.

.OAuth2RegisteredClient Entity
[source,java]
----
include::{examples-dir}/main/java/sample/redis/entity/OAuth2RegisteredClient.java[]
----

TIP: Click on the "Expand folded text" icon in the code sample above to display the full example.

[[authorization-grant-entity]]
=== Authorization Grant _Base_ Entity

The entity model for the xref:core-model-components.adoc#oauth2-authorization[`OAuth2Authorization`] domain class is designed with a class hierarchy based on authorization grant type.

The following listing shows the `OAuth2AuthorizationGrantAuthorization` _base_ entity, which defines common attributes for each authorization grant type.

.OAuth2AuthorizationGrantAuthorization _Base_ Entity
[source,java]
----
include::{examples-dir}/main/java/sample/redis/entity/OAuth2AuthorizationGrantAuthorization.java[]
----

[[oauth2-authorization-code-grant-entity]]
=== Authorization Code Grant Entity (OAuth 2.0)

The following listing shows the `OAuth2AuthorizationCodeGrantAuthorization` entity, which extends `OAuth2AuthorizationGrantAuthorization`, and defines additional attributes for the OAuth 2.0 `authorization_code` grant type.

.OAuth2AuthorizationCodeGrantAuthorization Entity
[source,java]
----
include::{examples-dir}/main/java/sample/redis/entity/OAuth2AuthorizationCodeGrantAuthorization.java[]
----

[[oidc-authorization-code-grant-entity]]
=== Authorization Code Grant Entity (OpenID Connect 1.0)

The following listing shows the `OidcAuthorizationCodeGrantAuthorization` entity, which extends `OAuth2AuthorizationCodeGrantAuthorization`, and defines additional attributes for the OpenID Connect 1.0 `authorization_code` grant type.

.OidcAuthorizationCodeGrantAuthorization Entity
[source,java]
----
include::{examples-dir}/main/java/sample/redis/entity/OidcAuthorizationCodeGrantAuthorization.java[]
----

[[client-credentials-grant-entity]]
=== Client Credentials Grant Entity

The following listing shows the `OAuth2ClientCredentialsGrantAuthorization` entity, which extends `OAuth2AuthorizationGrantAuthorization`, for the `client_credentials` grant type.

.OAuth2ClientCredentialsGrantAuthorization Entity
[source,java]
----
include::{examples-dir}/main/java/sample/redis/entity/OAuth2ClientCredentialsGrantAuthorization.java[]
----

[[device-code-grant-entity]]
=== Device Code Grant Entity

The following listing shows the `OAuth2DeviceCodeGrantAuthorization` entity, which extends `OAuth2AuthorizationGrantAuthorization`, and defines additional attributes for the `urn:ietf:params:oauth:grant-type:device_code` grant type.

.OAuth2DeviceCodeGrantAuthorization Entity
[source,java]
----
include::{examples-dir}/main/java/sample/redis/entity/OAuth2DeviceCodeGrantAuthorization.java[]
----

[[token-exchange-grant-entity]]
=== Token Exchange Grant Entity

The following listing shows the `OAuth2TokenExchangeGrantAuthorization` entity, which extends `OAuth2AuthorizationGrantAuthorization`, for the `urn:ietf:params:oauth:grant-type:token-exchange` grant type.

.OAuth2TokenExchangeGrantAuthorization Entity
[source,java]
----
include::{examples-dir}/main/java/sample/redis/entity/OAuth2TokenExchangeGrantAuthorization.java[]
----

[[authorization-consent-entity]]
=== Authorization Consent Entity

The following listing shows the `OAuth2UserConsent` entity, which is used to persist information mapped from the xref:core-model-components.adoc#oauth2-authorization-consent[`OAuth2AuthorizationConsent`] domain class.

.OAuth2UserConsent Entity
[source,java]
----
include::{examples-dir}/main/java/sample/redis/entity/OAuth2UserConsent.java[]
----

[[create-spring-data-repositories]]
== Create Spring Data repositories

By closely examining the interfaces of each core service and reviewing the `Jdbc` implementations, we can derive a minimal set of queries needed for supporting a Redis version of each interface.

* xref:guides/how-to-redis.adoc#registered-client-repository[Registered Client Repository]
* xref:guides/how-to-redis.adoc#authorization-grant-repository[Authorization Grant Repository]
* xref:guides/how-to-redis.adoc#authorization-consent-repository[Authorization Consent Repository]

[[registered-client-repository]]
=== Registered Client Repository

The following listing shows the `OAuth2RegisteredClientRepository`, which is able to find a xref:guides/how-to-redis.adoc#registered-client-entity[`OAuth2RegisteredClient`] by the `id` and `clientId` fields.

.OAuth2RegisteredClientRepository
[source,java]
----
include::{examples-dir}/main/java/sample/redis/repository/OAuth2RegisteredClientRepository.java[]
----

[[authorization-grant-repository]]
=== Authorization Grant Repository

The following listing shows the `OAuth2AuthorizationGrantAuthorizationRepository`, which is able to find an xref:guides/how-to-redis.adoc#authorization-grant-entity[`OAuth2AuthorizationGrantAuthorization`] by the `id` field as well as by `state`, `authorizationCode`, `accessToken`, `refreshToken`, `idToken`, `deviceState`, `userCode` and `deviceCode` values.

.OAuth2AuthorizationGrantAuthorizationRepository
[source,java]
----
include::{examples-dir}/main/java/sample/redis/repository/OAuth2AuthorizationGrantAuthorizationRepository.java[]
----

[[authorization-consent-repository]]
=== Authorization Consent Repository

The following listing shows the `OAuth2UserConsentRepository`, which is able to find and delete an xref:guides/how-to-redis.adoc#authorization-consent-entity[`OAuth2UserConsent`] by the `registeredClientId` and `principalName` fields that form the composite primary key.

.OAuth2UserConsentRepository
[source,java]
----
include::{examples-dir}/main/java/sample/redis/repository/OAuth2UserConsentRepository.java[]
----

[[implement-core-services]]
== Implement core services

With the above xref:guides/how-to-redis.adoc#define-entity-model[entities] and xref:guides/how-to-redis.adoc#create-spring-data-repositories[repositories], we can begin implementing the core services.

TIP: The core services make use of the `ModelMapper` utility class for converting to and from the domain object (e.g. `RegisteredClient`) to the entity model representation (e.g. `OAuth2RegisteredClient`).

* xref:guides/how-to-redis.adoc#redis-registered-client-repository[Registered Client Repository]
* xref:guides/how-to-redis.adoc#redis-authorization-service[Authorization Service]
* xref:guides/how-to-redis.adoc#redis-authorization-consent-service[Authorization Consent Service]

[[redis-registered-client-repository]]
=== Registered Client Repository

The following listing shows the `RedisRegisteredClientRepository`, which uses an xref:guides/how-to-redis.adoc#registered-client-repository[`OAuth2RegisteredClientRepository`] for persisting an xref:guides/how-to-redis.adoc#registered-client-entity[`OAuth2RegisteredClient`] and maps to and from the xref:core-model-components.adoc#registered-client[`RegisteredClient`] domain object, using the `ModelMapper` utility class.

.RedisRegisteredClientRepository
[source,java]
----
include::{examples-dir}/main/java/sample/redis/service/RedisRegisteredClientRepository.java[]
----

[[redis-authorization-service]]
=== Authorization Service

The following listing shows the `RedisOAuth2AuthorizationService`, which uses an xref:guides/how-to-redis.adoc#authorization-grant-repository[`OAuth2AuthorizationGrantAuthorizationRepository`] for persisting an xref:guides/how-to-redis.adoc#authorization-grant-entity[`OAuth2AuthorizationGrantAuthorization`] and maps to and from the xref:core-model-components.adoc#oauth2-authorization[`OAuth2Authorization`] domain object, using the `ModelMapper` utility class.

.RedisOAuth2AuthorizationService
[source,java]
----
include::{examples-dir}/main/java/sample/redis/service/RedisOAuth2AuthorizationService.java[]
----

[[redis-authorization-consent-service]]
=== Authorization Consent Service

The following listing shows the `RedisOAuth2AuthorizationConsentService`, which uses an xref:guides/how-to-redis.adoc#authorization-consent-repository[`OAuth2UserConsentRepository`] for persisting an xref:guides/how-to-redis.adoc#authorization-consent-entity[`OAuth2UserConsent`] and maps to and from the xref:core-model-components.adoc#oauth2-authorization-consent[`OAuth2AuthorizationConsent`] domain object, using the `ModelMapper` utility class.

.RedisOAuth2AuthorizationConsentService
[source,java]
----
include::{examples-dir}/main/java/sample/redis/service/RedisOAuth2AuthorizationConsentService.java[]
----

[[configure-core-services]]
== Configure core services

The following example shows how to configure the core services:

.RedisConfig
[source,java]
----
include::{examples-dir}/main/java/sample/redis/config/RedisConfig.java[]
----

<1> Activate the Spring Data Redis repositories under the `sample.redis.repository` base package.
<2> Use the https://docs.spring.io/spring-data/redis/reference/redis/drivers.html#redis:connectors:jedis[Jedis] Connector.
<3> Register the custom ``Converter``'s that perform the Object-to-Hash conversion before persisting to Redis.
<4> Register the `RedisRegisteredClientRepository` with the activated `OAuth2RegisteredClientRepository`.
<5> Register the `RedisOAuth2AuthorizationService` with the activated `OAuth2AuthorizationGrantAuthorizationRepository`.
<6> Register the `RedisOAuth2AuthorizationConsentService` with the activated `OAuth2UserConsentRepository`.