Make it possible to specify the refresh token expiration in the OAuth2AccessTokenResponse #15851
Labels
in: oauth2
An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
status: waiting-for-feedback
We need additional information before we can continue
type: enhancement
A general enhancement
Expected Behavior
I'd like to be able to customize the
refreshToken
in theOAuth2AccessTokenResponse
by specifying a refresh token expiration value.OAuth2AccessTokenResponse.Builder
could expose a method to optionally set the expiration for a refresh token.Current Behavior
OAuth2AccessTokenResponse.Builder
always constructs anOAuth2RefreshToken
instance with the nullexpiresAt
value and doesn't allow to customize this behavior.Context
The authorization server I'm using provides the
refresh_token_expires_in
parameter along with the access and refresh tokens during the authorization code grant flow. I'd like to get this value from theOAuth2RefreshToken
for further processing within the application. As therefresh_token_expires_in
is not a standard parameter, I was going to use a custom access token response converter instead of theDefaultMapOAuth2AccessTokenResponseConverter
one to extract the refresh token expiration value from the response. Unfortunately,OAuth2AccessTokenResponse.Builder
uses theOAuth2RefreshToken
constructor without theexpiresAt
parameter and doesn't provide a way to set the refresh token expiration.The text was updated successfully, but these errors were encountered: