0

There is spring-security-oauth2 service with grant_type=password, refresh token.

I want to store refresh_token in java code and not send it to client via http(s). (why? - here)

So, 2 cases have to be handled:
1. do not send refresh_token in response
2. automatically insert refresh_token in request when in needed

1st can be done as in here

Question: how 2nd case can be done?

Usually, to get access token via refresh_token following request have to be sent:

POST: .../oaut/token?refresh_token=***&grant_type=refresh_token

I want to send

POST: .../oaut/token?access_token=***&grant_type=refresh_token

and then fetch refresh_token corresponding to access_token from some storage and add it as request parameter

Improve this question

1 Answer 1

Reset to default
0

Simple custom Spring Filter can help here. In particular OncePerRequestFilter.class [example]

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.