1. Spring Security OAuth2 can store token values in several ways, all of which implement the TokenStore interface:
- InMemoryTokenStore: the token is stored in local memory
- JdbcTokenStore: the token is stored in a database
- JwtTokenStore: the token is not stored in any medium
- RedisTokenStore: the token is stored in a Redis database
2. Look at which keys the RedisTokenStore implementation class stores in Redis. The relevant source code is as follows:
```java
// Key prefixes declared in RedisTokenStore
private static final String ACCESS = "access:";
private static final String AUTH_TO_ACCESS = "auth_to_access:";
private static final String AUTH = "auth:";
private static final String REFRESH_AUTH = "refresh_auth:";
private static final String ACCESS_TO_REFRESH = "access_to_refresh:";
private static final String REFRESH = "refresh:";
private static final String REFRESH_TO_ACCESS = "refresh_to_access:";
private static final String CLIENT_ID_TO_ACCESS = "client_id_to_access:";
private static final String UNAME_TO_ACCESS = "uname_to_access:";
```
With the password and refresh_token grant modes, nine key-value pairs are stored in the Redis cache: five are related to access_token and four are related to refresh_token.
- access_token-related: access:(OAuth2AccessToken), auth:(OAuth2Authentication), auth_to_access:(OAuth2AccessToken), client_id_to_access:(OAuth2AccessToken), uname_to_access:(OAuth2AccessToken)
- refresh_token-related: refresh:(OAuth2RefreshToken), refresh_auth:(OAuth2Authentication), access_to_refresh:(refresh_token), refresh_to_access:(refresh_token)
3. Understand the data stored by each key by looking at the RedisTokenStore source (I don't post it)
- The key stored under access: is access:be171b573f5a496ca601b32b1360fe84, and the value is the serialized OAuth2AccessToken object
  - The key is access: + access_token
  - An example value:
{ "access_token": "12833d6c89fb4ea58cbe7b6ada5de7b5", "token_type": "bearer", "refresh_token": "357304ee0a404700b3e65d547713011b", "expires_in": 898, "scope": "test" }
- The key stored under auth_to_access: is auth_to_access:a994f2a9a61186f32870e32d72a38d21, and the value is the serialized OAuth2AccessToken object
  - The key is auth_to_access: + the MD5 digest computed over the three values username, client_id and scope
  - An example value:
{ "access_token": "12833d6c89fb4ea58cbe7b6ada5de7b5", "token_type": "bearer", "refresh_token": "357304ee0a404700b3e65d547713011b", "expires_in": 898, "scope": "test" }
- The key stored under auth: is auth:be171b573f5a496ca601b32b1360fe84, and the value is the serialized OAuth2Authentication object
  - The key is auth: + access_token
  - An example value:
{ "authorities": [ { "authority": "ROLE" } ], "details": { "remoteAddress": "0:0:0:0:0:0:0:1", "sessionId": null, "tokenValue": "dfec9f18e161408dbf66b85b94401d7f", "tokenType": "Bearer", "decodedDetails": null }, "authenticated": true, "userAuthentication": { "authorities": [ { "authority": "ROLE" } ], "details": { "grant_type": "password", "username": "user", "scope": "test" }, "authenticated": true, "principal": { "password": null, "username": "user", "authorities": [ { "authority": "ROLE" } ], "accountNonExpired": true, "accountNonLocked": true, "credentialsNonExpired": true, "enabled": true }, "credentials": null, "name": "user" }, "credentials": "", "principal": { "password": null, "username": "user", "authorities": [ { "authority": "ROLE" } ], "accountNonExpired": true, "accountNonLocked": true, "credentialsNonExpired": true, "enabled": true }, "oauth2Request": { "clientId": "client_password", "scope": [ "test" ], "requestParameters": { "grant_type": "password", "scope": "test", "username": "user" }, "resourceIds": [ "resource_password_id" ], "authorities": [], "approved": true, "refresh": false, "redirectUri": null, "responseTypes": [], "extensions": {}, "grantType": "password", "refreshTokenRequest": null }, "clientOnly": false, "name": "user" }
- The key stored under refresh_auth: is refresh_auth:d0017ce6db6441d1b87a0a2804d1434b, and the value is the serialized OAuth2Authentication object
  - The key is refresh_auth: + refresh_token
  - An example value:
{ "authorities": [ { "authority": "ROLE" } ], "details": { "remoteAddress": "0:0:0:0:0:0:0:1", "sessionId": null, "tokenValue": "dfec9f18e161408dbf66b85b94401d7f", "tokenType": "Bearer", "decodedDetails": null }, "authenticated": true, "userAuthentication": { "authorities": [ { "authority": "ROLE" } ], "details": { "grant_type": "password", "username": "user", "scope": "test" }, "authenticated": true, "principal": { "password": null, "username": "user", "authorities": [ { "authority": "ROLE" } ], "accountNonExpired": true, "accountNonLocked": true, "credentialsNonExpired": true, "enabled": true }, "credentials": null, "name": "user" }, "credentials": "", "principal": { "password": null, "username": "user", "authorities": [ { "authority": "ROLE" } ], "accountNonExpired": true, "accountNonLocked": true, "credentialsNonExpired": true, "enabled": true }, "oauth2Request": { "clientId": "client_password", "scope": [ "test" ], "requestParameters": { "grant_type": "password", "scope": "test", "username": "user" }, "resourceIds": [ "resource_password_id" ], "authorities": [], "approved": true, "refresh": false, "redirectUri": null, "responseTypes": [], "extensions": {}, "grantType": "password", "refreshTokenRequest": null }, "clientOnly": false, "name": "user" }
- The key stored under access_to_refresh: is access_to_refresh:c90cab28971948d2a85ca2ae814641ed, and the value is the refresh_token
  - The key is access_to_refresh: + refresh_token
  - The value is the refresh_token value
- The key stored under refresh: is refresh:d0017ce6db6441d1b87a0a2804d1434b, and the value is the serialized OAuth2RefreshToken object
  - The key is refresh: + refresh_token
  - An example value:
{ "access_token": "dfec9f18e161408dbf66b85b94401d7f", "token_type": "bearer", "refresh_token": "8bcd9cfb04a3445e8933c788b2673a89", "expires_in": 898, "scope": "test" }
- The key stored under refresh_to_access: is refresh_to_access:d0017ce6db6441d1b87a0a2804d1434b, and the value is refresh_token
  - The key is refresh_to_access: + refresh_token
  - An example value:
be171b573f5a496ca601b32b1360fe84
- The key stored under client_id_to_access: is client_id_to_access:client_password, and the value is the serialized OAuth2AccessToken object
  - The key is client_id_to_access: + clientId
  - An example value:
{ "access_token": "dfec9f18e161408dbf66b85b94401d7f", "token_type": "bearer", "refresh_token": "8bcd9cfb04a3445e8933c788b2673a89", "expires_in": 898, "scope": "test" }
- The key stored under uname_to_access: is uname_to_access:client_password:user, and the value is the serialized OAuth2AccessToken object
  - The key is uname_to_access: + clientid + username
  - An example value:
{ "access_token": "dfec9f18e161408dbf66b85b94401d7f", "token_type": "bearer", "refresh_token": "8bcd9cfb04a3445e8933c788b2673a89", "expires_in": 898, "scope": "test" }
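
An added example (not code from the original README or from Spring Security OAuth2): six of the nine key names above carry a raw access or refresh token after the prefix, so any listing of the keyspace exposes bearer tokens. This Python helper classifies key names by prefix and replaces token suffixes with a fingerprint before they are logged. The `store_prefix` parameter, the kind labels and the function names are assumptions made for the example.

```python
import hashlib

# Suffix kind per RedisTokenStore key prefix, following the layout on this page:
#   token    = raw access_token or refresh_token value (a bearer secret)
#   digest   = MD5 digest of username, client_id and scope
#   identity = client_id or client_id:username
TOKEN_PREFIXES = ("access:", "auth:", "refresh:", "refresh_auth:",
                  "access_to_refresh:", "refresh_to_access:")
PREFIX_KINDS = {p: "token" for p in TOKEN_PREFIXES}
PREFIX_KINDS.update({"auth_to_access:": "digest",
                     "client_id_to_access:": "identity",
                     "uname_to_access:": "identity"})

def classify(key, store_prefix=""):
    """Return (prefix, kind, suffix), or None if key is not a token-store key."""
    if not key.startswith(store_prefix):
        return None
    rest = key[len(store_prefix):]
    for prefix, kind in PREFIX_KINDS.items():
        if rest.startswith(prefix):
            return prefix, kind, rest[len(prefix):]
    return None

def redact(key, store_prefix=""):
    """Make a key name safe to log: replace a raw token suffix by a fingerprint."""
    hit = classify(key, store_prefix)
    if hit is None or hit[1] != "token":
        return key
    prefix, _, token = hit
    fingerprint = hashlib.sha256(token.encode()).hexdigest()[:12]
    return f"{store_prefix}{prefix}<sha256:{fingerprint}>"

def audit(keys, store_prefix=""):
    """Return (count of keys per suffix kind, key names redacted for logging)."""
    counts = {"token": 0, "digest": 0, "identity": 0, "other": 0}
    for key in keys:
        hit = classify(key, store_prefix)
        counts[hit[1] if hit else "other"] += 1
    return counts, [redact(k, store_prefix) for k in keys]

# Constructed input: the example key names from this page plus one unrelated key.
SAMPLE_KEYS = [
    "access:be171b573f5a496ca601b32b1360fe84", "auth:be171b573f5a496ca601b32b1360fe84",
    "refresh:d0017ce6db6441d1b87a0a2804d1434b", "refresh_auth:d0017ce6db6441d1b87a0a2804d1434b",
    "access_to_refresh:c90cab28971948d2a85ca2ae814641ed", "refresh_to_access:d0017ce6db6441d1b87a0a2804d1434b",
    "auth_to_access:a994f2a9a61186f32870e32d72a38d21", "client_id_to_access:client_password",
    "uname_to_access:client_password:user", "session:unrelated",
]
```

`audit(SAMPLE_KEYS)` reports six token-bearing key names; the same token under `access:` and `auth:` yields the same fingerprint, so entries can still be correlated without the token itself appearing in logs.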
GitHub Source: https://github.com/mingyang66/spring-parent/edit/master/spring-security-oauth2-server-redis-service/README.md