Fine if that works, but you should consider TokenStore to be an internal detail of the implementation of DefaultTokenServices (and not use it directly if possible). If you like decoding the token twice (once in the authentication filter and once in the controller) you can inject a ResourceServerTokenServices into your controller, and that would be preferable. Personally, I would prefer to use the Principal (it should be an instance of OAuth2Authentication if the correct filter is in place).
Reply With Quote
Originally Posted by Dave Syer
