From 598a08e2d845e6eb8480d9877ffcf26edcd3e3ae Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Fri, 14 Jul 2017 16:58:04 -0400
Subject: [PATCH] Update docs AuthorizationCodeAuthenticationProvider

Fixes gh-4450
---
 .../AuthorizationCodeAuthenticationProvider.java | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
index 6474266d96..78af55d13a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.java
@@ -39,7 +39,8 @@ import java.util.Collection;
 /**
 * An implementation of an {@link AuthenticationProvider} that is responsible for authenticating
 * an authorization code credential with the authorization server's Token Endpoint
- * and if valid, exchanging it for an access token credential.
+ * and if valid, exchanging it for an access token credential and optionally an
+ * id token credential (for OpenID Connect Authorization Code Flow).
 * Additionally, it will also obtain the end-user's (resource owner) attributes from the UserInfo Endpoint
 * (using the access token) and create a Principal in the form of an {@link OAuth2User}
 * associating it with the returned {@link OAuth2AuthenticationToken}.
@@ -51,13 +52,14 @@ import java.util.Collection;
 * If the request is valid, the authorization server will respond back with a {@link TokenResponseAttributes}.
 *
 *

- * It will then create a {@link OAuth2AuthenticationToken} associating the {@link AccessToken}
- * from the {@link TokenResponseAttributes} and pass it to {@link OAuth2UserService#loadUser(OAuth2AuthenticationToken)}
- * to obtain the end-user's (resource owner) attributes in the form of an {@link OAuth2User}.
+ * It will then create an {@link OAuth2AuthenticationToken} associating the {@link AccessToken} and optionally
+ * the {@link IdToken} from the {@link TokenResponseAttributes} and pass it to
+ * {@link OAuth2UserService#loadUser(OAuth2AuthenticationToken)} to obtain the end-user's (resource owner) attributes
+ * in the form of an {@link OAuth2User}.
 *
 *

 * Finally, it will create another {@link OAuth2AuthenticationToken}, this time associating
- * the {@link AccessToken} and {@link OAuth2User} and return it to the {@link AuthenticationManager},
+ * the {@link AccessToken}, {@link IdToken} and {@link OAuth2User} and return it to the {@link AuthenticationManager},
 * at which point the {@link OAuth2AuthenticationToken} is considered "authenticated".
 *
 * @author Joe Grandja
@@ -66,11 +68,14 @@ import java.util.Collection;
 * @see AuthorizationGrantTokenExchanger
 * @see TokenResponseAttributes
 * @see AccessToken
+ * @see IdToken
 * @see OAuth2UserService
 * @see OAuth2User
 * @see Section 4.1 Authorization Code Grant Flow
+ * @see Section 3.1 OpenID Connect Authorization Code Flow
 * @see Section 4.1.3 Access Token Request
 * @see Section 4.1.4 Access Token Response
+ * @see Section 3.1.3.3 OpenID Connect Token Response
 */
 public class AuthorizationCodeAuthenticationProvider implements AuthenticationProvider {
 private final AuthorizationGrantTokenExchanger authorizationCodeTokenExchanger;
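Review bot: The revised class Javadoc says the `{@link IdToken}` is associated with the returned `OAuth2AuthenticationToken`, which is then "considered \"authenticated\"", but it never says whether the ID Token is validated before that point, so a reader can easily take its claims as verified. The implementation is not part of this patch (the class body continues past the last hunk), so the paragraph ending `is considered "authenticated"` should state the actual behaviour, e.g. `* <b>NOTE:</b> ID Token validation (signature, iss, aud, exp, nonce) is performed by <COMPONENT — fill in from the code> / is not performed by this provider.` The `@see` list in the last hunk would also benefit from a reference to OpenID Connect Core Section 3.1.3.7 (ID Token Validation) next to the added Section 3.1.3.3 entry.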