From aa1ef46d846e523c6642ea204bfc707c408884f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?D=C3=A1vid=20Kov=C3=A1=C4=8D?= Date: Sat, 9 Oct 2021 13:56:25 +0200 Subject: [PATCH] Update clockSkew javadoc according to implementation Closes gh-10174 --- ...OAuth2AuthorizedClientProviderBuilder.java | 20 ++++++++++++------- ...OAuth2AuthorizedClientProviderBuilder.java | 20 ++++++++++++------- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java index fa109dd2aa..10a048f185 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientProviderBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -204,10 +204,12 @@ public final class OAuth2AuthorizedClientProviderBuilder { /** * Sets the maximum acceptable clock skew, which is used when checking the access - * token expiry. An access token is considered expired if it's before - * {@code Instant.now(this.clock) - clockSkew}. + * token expiry. An access token is considered expired if + * {@code OAuth2Token#getExpiresAt() - clockSkew} is before the current time + * {@code clock#instant()}. * @param clockSkew the maximum acceptable clock skew * @return the {@link PasswordGrantBuilder} + * @see PasswordOAuth2AuthorizedClientProvider#setClockSkew(Duration) */ public PasswordGrantBuilder clockSkew(Duration clockSkew) { this.clockSkew = clockSkew; @@ -275,10 +277,12 @@ public final class OAuth2AuthorizedClientProviderBuilder { /** * Sets the maximum acceptable clock skew, which is used when checking the access - * token expiry. An access token is considered expired if it's before - * {@code Instant.now(this.clock) - clockSkew}. + * token expiry. An access token is considered expired if + * {@code OAuth2Token#getExpiresAt() - clockSkew} is before the current time + * {@code clock#instant()}. * @param clockSkew the maximum acceptable clock skew * @return the {@link ClientCredentialsGrantBuilder} + * @see ClientCredentialsOAuth2AuthorizedClientProvider#setClockSkew(Duration) */ public ClientCredentialsGrantBuilder clockSkew(Duration clockSkew) { this.clockSkew = clockSkew; @@ -365,10 +369,12 @@ public final class OAuth2AuthorizedClientProviderBuilder { /** * Sets the maximum acceptable clock skew, which is used when checking the access - * token expiry. An access token is considered expired if it's before - * {@code Instant.now(this.clock) - clockSkew}. + * token expiry. An access token is considered expired if + * {@code OAuth2Token#getExpiresAt() - clockSkew} is before the current time + * {@code clock#instant()}. * @param clockSkew the maximum acceptable clock skew * @return the {@link RefreshTokenGrantBuilder} + * @see RefreshTokenOAuth2AuthorizedClientProvider#setClockSkew(Duration) */ public RefreshTokenGrantBuilder clockSkew(Duration clockSkew) { this.clockSkew = clockSkew; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java index 7b0580571d..c9483fa16b 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/ReactiveOAuth2AuthorizedClientProviderBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -225,10 +225,12 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder { /** * Sets the maximum acceptable clock skew, which is used when checking the access - * token expiry. An access token is considered expired if it's before - * {@code Instant.now(this.clock) - clockSkew}. + * token expiry. An access token is considered expired if + * {@code OAuth2Token#getExpiresAt() - clockSkew} is before the current time + * {@code clock#instant()}. * @param clockSkew the maximum acceptable clock skew * @return the {@link ClientCredentialsGrantBuilder} + * @see ClientCredentialsReactiveOAuth2AuthorizedClientProvider#setClockSkew(Duration) */ public ClientCredentialsGrantBuilder clockSkew(Duration clockSkew) { this.clockSkew = clockSkew; @@ -297,10 +299,12 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder { /** * Sets the maximum acceptable clock skew, which is used when checking the access - * token expiry. An access token is considered expired if it's before - * {@code Instant.now(this.clock) - clockSkew}. + * token expiry. An access token is considered expired if + * {@code OAuth2Token#getExpiresAt() - clockSkew} is before the current time + * {@code clock#instant()}. * @param clockSkew the maximum acceptable clock skew * @return the {@link PasswordGrantBuilder} + * @see PasswordReactiveOAuth2AuthorizedClientProvider#setClockSkew(Duration) */ public PasswordGrantBuilder clockSkew(Duration clockSkew) { this.clockSkew = clockSkew; @@ -368,10 +372,12 @@ public final class ReactiveOAuth2AuthorizedClientProviderBuilder { /** * Sets the maximum acceptable clock skew, which is used when checking the access - * token expiry. An access token is considered expired if it's before - * {@code Instant.now(this.clock) - clockSkew}. + * token expiry. An access token is considered expired if + * {@code OAuth2Token#getExpiresAt() - clockSkew} is before the current time + * {@code clock#instant()}. * @param clockSkew the maximum acceptable clock skew * @return the {@link RefreshTokenGrantBuilder} + * @see RefreshTokenReactiveOAuth2AuthorizedClientProvider#setClockSkew(Duration) */ public RefreshTokenGrantBuilder clockSkew(Duration clockSkew) { this.clockSkew = clockSkew;