Closed
Description
An authorization server needs to maintain existing authorizations between a client and resource owner. For example, when a resource owner grants access to a client (to access its protected resources), the authorization server must persist certain data in order to validate the authorization grant flow until it completes.
For example, during an `authorization_code` grant flow, the authorization server must persist the following data:
- Certain Authorization Request parameters - `OAuth2AuthorizationRequest`
- The identifier of the client - `client_id`
- The identifier of the resource owner - current `Authentication.getName()`
- The authorization `code` parameter
- The granted access token - `OAuth2AccessToken`
The initial implementation should provide an in-memory implementation of `OAuth2AuthorizationService`, similar to `InMemoryOAuth2AuthorizedClientService` in the `spring-security-oauth2-client` module.
Implementation Requirements
- `InMemoryOAuth2AuthorizationService` should store in a `Map`
- `OAuth2Authorization` should be immutable
- `OAuth2Authorization.attributes` should be used for storing data that is specific to an authorization grant, e.g. authorization `code` parameter, `OAuth2AuthorizationRequest`, etc.
- javadoc `class` and `public` methods
- Unit tests
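
A sketch of the requirements above, added here as an illustration and not the project's own code: an immutable authorization object with grant-specific attributes, held in a `Map`-backed in-memory store. The class, field and method names and the sample values are assumptions.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added sketch: class, field and method names are assumptions, not the project's API.
public class InMemoryAuthorizationSketch {

    /** Immutable record of one authorization between a client and a resource owner. */
    static final class Authorization {
        final String clientId;                // client_id
        final String principalName;           // resource owner, Authentication.getName()
        final Map<String, Object> attributes; // grant-specific data, e.g. "code"

        Authorization(String clientId, String principalName, Map<String, Object> attributes) {
            this.clientId = clientId;
            this.principalName = principalName;
            // Copy, then wrap: the caller's map can change later without touching this object.
            this.attributes = Collections.unmodifiableMap(new HashMap<>(attributes));
        }
    }

    // ConcurrentHashMap: authorization requests are handled on many threads.
    private final Map<String, Authorization> store = new ConcurrentHashMap<>();

    // Length prefix keeps ("ab","c") and ("a","bc") from sharing a key.
    private static String key(String clientId, String principalName) {
        return clientId.length() + ":" + clientId + principalName;
    }

    void save(Authorization a) { store.put(key(a.clientId, a.principalName), a); }

    Authorization findByCode(String code) {
        for (Authorization a : store.values()) {
            if (code.equals(a.attributes.get("code"))) return a;
        }
        return null; // no stored authorization carries this code
    }

    public static void main(String[] args) {
        Map<String, Object> attrs = new HashMap<>();
        attrs.put("code", "constructed-code-123"); // constructed sample value
        InMemoryAuthorizationSketch service = new InMemoryAuthorizationSketch();
        service.save(new Authorization("client-1", "user1", attrs));
        attrs.put("code", "tampered"); // mutating the caller's map does not reach the stored copy
        System.out.println(service.findByCode("constructed-code-123").principalName);
        System.out.println(service.findByCode("tampered"));
    }
}
```

Because the constructor copies the attribute map, a lookup with the original code still succeeds after the caller's map is modified, and a lookup with the modified value returns `null`.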