Token Enhancers

Spring Security expects an OAuth2TokenCustomizer<JwtEncodingContext> bean to facilitate customizing the JWT access token. Broadleaf registers the DefaultJwtTokenCustomizer, which in turn delegates to a List of JwtAccessTokenEnhancer to add claims.

To add new claims to the access token, simply register a JwtAccessTokenEnhancer bean. In the enhance(JwtTokenEnhancerContext context) method, use JwtTokenEnhancerContext#getClaims() to get the JwtClaimsSet.Builder, to which new claims can be added.

Here are the JwtAccessTokenEnhancer classes included with AuthenticationServices 2.0 to add Broadleaf’s claims to access tokens:

Spring provides a concept of a TokenEnhancer in order to update claims on the token before it is stored and returned.

By default, Spring contributes its own claims to facilitate building out a JWT compliant token using the JWTAccessTokenConverter.

Broadleaf provides a set of additional enhancers to contribute additional claims that are used by various microservices in the framework.

The following is a list of some included Broadleaf-specific enhancers:

See the Example Customizations sections to view more details on how you can create your own token enhancer.