Steffen Harbich :
Spring Security 5.1.0.M2 (release notes) added support for automatic refreshing of tokens when using WebClient
. However, I am using RestTemplate
. Is there a similar mechanism for RestTemplate
or do I need to implement that behavior myself?
The OAuth2RestTemplate
class looks promising but it's from the separate Spring Security OAuth module and I would like to use plain Spring Security 5.1 on the client if possible.
JohanB :
OAuth2RestTemplate
Will refresh tokens automatically. RestTemplate
will not (refresh tokens is part of the OAut2 spec, hence the OAuth2RestTemplate.
You have 2 options:
- Use Spring Security OAuth2 module and everything will work pretty much out of the box (configuration properties provided by Spring)
- Create your own RestTemplate based on Spring's OAut2RestTemplate
Spring's OAuth2 module will be integrated into Spring Security in the future. I would go for option 1.