Search:

We solved this by using implementing TokenEnhancer

http://static.springsource.org/spring-security/oauth/apidocs/org/springframework/security/oauth2/provider/token/TokenEnhancer.html

Using this...

We'd like to be able to use encoded secrets for our oauth2 clients so that they are not stored in the clear in our database.

I have a password encoder setup for my client and user authentication...

I thought that if we changed the return payload that it might break standards compliant clients. Thanks for confirming that.

Thanks for all your help, and all your work on this framework!

I guess I was using incorrect terminology. Hopefully what I've written below makes more sense.

The JSON response from the token endpoint is below

{"access_token": "<token>",
...

I need to pass additional data back in my access tokens so that our clients are able to receive additional data when the user/client is authorized.

It appears that the OAuth2AccessToken class...