Skip to content

add setClock in the JWT token #2004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

add setClock in the JWT token #2004

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions docs/modules/ROOT/pages/core-model-components.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -393,6 +393,7 @@ The following example shows how to register an `OAuth2TokenGenerator` `@Bean`:
public OAuth2TokenGenerator<?> tokenGenerator() {
JwtEncoder jwtEncoder = ...
JwtGenerator jwtGenerator = new JwtGenerator(jwtEncoder);
jwtGenerator.setClock(Clock.systemUTC());
OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator();
OAuth2RefreshTokenGenerator refreshTokenGenerator = new OAuth2RefreshTokenGenerator();
return new DelegatingOAuth2TokenGenerator(
Expand Down Expand Up @@ -441,6 +442,7 @@ The following example shows how to implement an `OAuth2TokenCustomizer<OAuth2Tok
public OAuth2TokenGenerator<?> tokenGenerator() {
JwtEncoder jwtEncoder = ...
JwtGenerator jwtGenerator = new JwtGenerator(jwtEncoder);
jwtGenerator.setClock(Clock.systemUTC());
OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator();
accessTokenGenerator.setAccessTokenCustomizer(accessTokenCustomizer());
OAuth2RefreshTokenGenerator refreshTokenGenerator = new OAuth2RefreshTokenGenerator();
Expand Down Expand Up @@ -473,6 +475,7 @@ The following example shows how to implement an `OAuth2TokenCustomizer<JwtEncodi
public OAuth2TokenGenerator<?> tokenGenerator() {
JwtEncoder jwtEncoder = ...
JwtGenerator jwtGenerator = new JwtGenerator(jwtEncoder);
jwtGenerator.setClock(Clock.systemUTC());
jwtGenerator.setJwtCustomizer(jwtCustomizer());
OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator();
OAuth2RefreshTokenGenerator refreshTokenGenerator = new OAuth2RefreshTokenGenerator();
Expand Down
2 changes: 2 additions & 0 deletions docs/src/main/java/sample/extgrant/SecurityConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
*/
package sample.extgrant;

import java.time.Clock;
import java.util.UUID;

import com.nimbusds.jose.jwk.source.JWKSource;
Expand Down Expand Up @@ -100,6 +101,7 @@ OAuth2AuthorizationService authorizationService() {
@Bean
OAuth2TokenGenerator<?> tokenGenerator(JWKSource<SecurityContext> jwkSource) {
JwtGenerator jwtGenerator = new JwtGenerator(new NimbusJwtEncoder(jwkSource));
jwtGenerator.setClock(Clock.systemUTC());
OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator();
OAuth2RefreshTokenGenerator refreshTokenGenerator = new OAuth2RefreshTokenGenerator();
return new DelegatingOAuth2TokenGenerator(
Expand Down
2 changes: 2 additions & 0 deletions .../oauth2/server/authorization/config/annotation/web/configurers/OAuth2ConfigurerUtils.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
*/
package org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers;

import java.time.Clock;
import java.util.Map;

import com.nimbusds.jose.jwk.source.JWKSource;
Expand Down Expand Up @@ -128,6 +129,7 @@ private static JwtGenerator getJwtGenerator(HttpSecurity httpSecurity) {
JwtEncoder jwtEncoder = getJwtEncoder(httpSecurity);
if (jwtEncoder != null) {
jwtGenerator = new JwtGenerator(jwtEncoder);
jwtGenerator.setClock(Clock.systemUTC());
jwtGenerator.setJwtCustomizer(getJwtCustomizer(httpSecurity));
httpSecurity.setSharedObject(JwtGenerator.class, jwtGenerator);
}
Expand Down
8 changes: 7 additions & 1 deletion ...ain/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
*/
package org.springframework.security.oauth2.server.authorization.token;

import java.time.Clock;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Collections;
Expand Down Expand Up @@ -61,6 +62,7 @@
public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {

private final JwtEncoder jwtEncoder;
private Clock clock;

private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;

Expand Down Expand Up @@ -94,7 +96,7 @@ public Jwt generate(OAuth2TokenContext context) {
}
RegisteredClient registeredClient = context.getRegisteredClient();

Instant issuedAt = Instant.now();
Instant issuedAt = clock.instant();
Instant expiresAt;
JwsAlgorithm jwsAlgorithm = SignatureAlgorithm.RS256;
if (OidcParameterNames.ID_TOKEN.equals(context.getTokenType().getValue())) {
Expand Down Expand Up @@ -207,4 +209,8 @@ public void setJwtCustomizer(OAuth2TokenCustomizer<JwtEncodingContext> jwtCustom
this.jwtCustomizer = jwtCustomizer;
}

public void setClock(Clock clock) {
this.clock = clock;
}

}
2 changes: 2 additions & 0 deletions ...rver/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
Expand Down Expand Up @@ -133,6 +134,7 @@ public void setUp() {
this.jwtEncoder = mock(JwtEncoder.class);
this.jwtCustomizer = mock(OAuth2TokenCustomizer.class);
JwtGenerator jwtGenerator = new JwtGenerator(this.jwtEncoder);
jwtGenerator.setClock(Clock.systemUTC());
jwtGenerator.setJwtCustomizer(this.jwtCustomizer);
this.accessTokenCustomizer = mock(OAuth2TokenCustomizer.class);
OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator();
Expand Down
2 changes: 2 additions & 0 deletions ...rver/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
*/
package org.springframework.security.oauth2.server.authorization.authentication;

import java.time.Clock;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Collections;
Expand Down Expand Up @@ -105,6 +106,7 @@ public void setUp() {
this.jwtEncoder = mock(JwtEncoder.class);
this.jwtCustomizer = mock(OAuth2TokenCustomizer.class);
JwtGenerator jwtGenerator = new JwtGenerator(this.jwtEncoder);
jwtGenerator.setClock(Clock.systemUTC());
jwtGenerator.setJwtCustomizer(this.jwtCustomizer);
this.accessTokenCustomizer = mock(OAuth2TokenCustomizer.class);
OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator();
Expand Down
2 changes: 2 additions & 0 deletions ...h2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
package org.springframework.security.oauth2.server.authorization.authentication;

import java.security.Principal;
import java.time.Clock;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Collections;
Expand Down Expand Up @@ -120,6 +121,7 @@ public void setUp() {
given(this.jwtEncoder.encode(any())).willReturn(createJwt(Collections.singleton("scope1")));
this.jwtCustomizer = mock(OAuth2TokenCustomizer.class);
JwtGenerator jwtGenerator = new JwtGenerator(this.jwtEncoder);
jwtGenerator.setClock(Clock.systemUTC());
jwtGenerator.setJwtCustomizer(this.jwtCustomizer);
this.accessTokenCustomizer = mock(OAuth2TokenCustomizer.class);
OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator();
Expand Down
3 changes: 3 additions & 0 deletions ...er/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.text.MessageFormat;
import java.time.Clock;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Arrays;
Expand Down Expand Up @@ -1234,6 +1235,7 @@ JwtEncoder jwtEncoder() {
@Bean
OAuth2TokenGenerator<?> tokenGenerator() {
JwtGenerator jwtGenerator = new JwtGenerator(jwtEncoder());
jwtGenerator.setClock(Clock.systemUTC());
jwtGenerator.setJwtCustomizer(jwtCustomizer());
OAuth2TokenGenerator<OAuth2RefreshToken> refreshTokenGenerator = new CustomRefreshTokenGenerator();
return new DelegatingOAuth2TokenGenerator(jwtGenerator, refreshTokenGenerator);
Expand Down Expand Up @@ -1296,6 +1298,7 @@ JwtEncoder jwtEncoder() {
@Bean
OAuth2TokenGenerator<?> tokenGenerator() {
JwtGenerator jwtGenerator = new JwtGenerator(jwtEncoder());
jwtGenerator.setClock(Clock.systemUTC());
jwtGenerator.setJwtCustomizer(jwtCustomizer());
OAuth2RefreshTokenGenerator refreshTokenGenerator = new OAuth2RefreshTokenGenerator();
OAuth2TokenGenerator<OAuth2Token> delegatingTokenGenerator = new DelegatingOAuth2TokenGenerator(
Expand Down
3 changes: 3 additions & 0 deletions ...ork/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.time.Clock;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
Expand Down Expand Up @@ -720,6 +721,7 @@ SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) th
@Bean
OAuth2TokenGenerator<?> tokenGenerator() {
JwtGenerator jwtGenerator = new JwtGenerator(new NimbusJwtEncoder(jwkSource()));
jwtGenerator.setClock(Clock.systemUTC());
jwtGenerator.setJwtCustomizer(jwtCustomizer());
OAuth2RefreshTokenGenerator refreshTokenGenerator = new OAuth2RefreshTokenGenerator();
OAuth2TokenGenerator<OAuth2Token> delegatingTokenGenerator = new DelegatingOAuth2TokenGenerator(
Expand Down Expand Up @@ -761,6 +763,7 @@ SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) th
@Bean
OAuth2TokenGenerator<?> tokenGenerator() {
JwtGenerator jwtGenerator = new JwtGenerator(new NimbusJwtEncoder(jwkSource()));
jwtGenerator.setClock(Clock.systemUTC());
jwtGenerator.setJwtCustomizer(jwtCustomizer());
OAuth2TokenGenerator<OAuth2RefreshToken> refreshTokenGenerator = new CustomRefreshTokenGenerator();
return new DelegatingOAuth2TokenGenerator(jwtGenerator, refreshTokenGenerator);
Expand Down
2 changes: 2 additions & 0 deletions .../authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
*/
package org.springframework.security.oauth2.server.authorization.oidc.authentication;

import java.time.Clock;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
Expand Down Expand Up @@ -108,6 +109,7 @@ public void setUp() {
this.authorizationService = mock(OAuth2AuthorizationService.class);
this.jwtEncoder = mock(JwtEncoder.class);
JwtGenerator jwtGenerator = new JwtGenerator(this.jwtEncoder);
jwtGenerator.setClock(Clock.systemUTC());
this.tokenGenerator = spy(new OAuth2TokenGenerator<Jwt>() {
@Override
public Jwt generate(OAuth2TokenContext context) {
Expand Down
2 changes: 2 additions & 0 deletions ...ava/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
package org.springframework.security.oauth2.server.authorization.token;

import java.security.Principal;
import java.time.Clock;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Date;
Expand Down Expand Up @@ -84,6 +85,7 @@ public void setUp() {
this.jwtCustomizer = mock(OAuth2TokenCustomizer.class);
this.jwtGenerator = new JwtGenerator(this.jwtEncoder);
this.jwtGenerator.setJwtCustomizer(this.jwtCustomizer);
this.jwtGenerator.setClock(Clock.systemUTC());
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder()
.issuer("https://provider.com")
.build();
Expand Down