我希望能够从客户端配置访问令牌的生存时间,而不仅仅是在使用Oauth2启动服务器时。目前,我只能设置服务器启动时的到期时间,请参见下面的代码。
@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(securedEnabled = true)
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Value("${oauth.clientId}")
private String clientId;
@Value("${oauth.secret}")
private String secret;
@Value("${oauth.resourceId}")
private String resourceId;
@Value("${oauth.tokenTimeout}")
public int expiration;
@Value("${oauth.refreshTokenTimeout}")
private int refreshTokenExpiration;
....
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient(clientId)
.secret(passwordEncoder().encode(secret))
.accessTokenValiditySeconds(expiration)
.refreshTokenValiditySeconds(refreshTokenExpiration)
.scopes("read", "write")
.authorizedGrantTypes("password", "refresh_token")
.resourceIds(resourceId);
}
}