There are multiple ways of retrieving the user/client information associated with the token specified in a request.
With Spring, a very simple way is to add an OAuth2Authentication parameter to the controller method where we want to get that information.
In OAuth2, a token is always issued for a client (client in the OAuth2 sense, that is, the client application), but the token may or may not be associated with a user.
With that Spring feature, we can retrieve both pieces of information.
For example, by writing a controller method signature such as:
    @RequestMapping(method = RequestMethod.GET)
    public ResponseEntity<Foo> get(OAuth2Authentication auth) throws URISyntaxException {
        // ....
    }
To get the user authentication object:

    import org.springframework.security.core.Authentication;

    // null when the token was issued to the client only (no user behind it)
    Authentication userAuth = auth.getUserAuthentication();
To get the OAuth2 request (associated with the client application):

    import org.springframework.security.oauth2.provider.OAuth2Request;

    // always present: describes the client application the token was issued for
    OAuth2Request oauth2Request = auth.getOAuth2Request();
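
Since a token may have no user behind it, code that reads the user part has to handle the client-only case before making any decision based on the user. The controller below is an added example, not code from the original post; the class name WhoAmIController, the /whoami path and the response keys are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class WhoAmIController { // hypothetical name

    // Hypothetical endpoint: reports who the presented token was issued to.
    @RequestMapping(value = "/whoami", method = RequestMethod.GET)
    public ResponseEntity<Map<String, Object>> whoAmI(OAuth2Authentication auth) {
        if (auth == null) {
            // No authenticated principal on the request.
            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
        }

        Map<String, Object> caller = new LinkedHashMap<>();

        // The client application part is always present.
        OAuth2Request oauth2Request = auth.getOAuth2Request();
        caller.put("clientId", oauth2Request.getClientId());
        caller.put("scope", oauth2Request.getScope());

        // The user part is absent when the token was issued to the client only.
        if (auth.isClientOnly()) {
            caller.put("clientOnly", true);
        } else {
            Authentication userAuth = auth.getUserAuthentication();
            caller.put("clientOnly", false);
            caller.put("user", userAuth.getName());
        }
        return new ResponseEntity<>(caller, HttpStatus.OK);
    }
}
```

An endpoint that acts on behalf of a user should reject the request when isClientOnly() is true instead of falling back to the client identity.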