Reputation: 311
I have an access token received in a controller, and I need to extract the Principal from the access token string, without using the Authentication method argument, since that object will hold a different user. Simple decoding of the token should help. Does anyone know how to do that from just the access token string? Example:

    @RequestMapping(value = "create", method = RequestMethod.POST)
    public ResponseEntity create(Authentication authentication, @RequestParam("access_token") String accessToken) {
        // extract Principal from accessToken variable
    }
Upvotes: 0
Views: 2562
Reputation: 311
After some time I managed to get the Principal from the access token string.

    @Autowired
    private TokenStore tokenStore;

    @RequestMapping(value = "create", method = RequestMethod.POST)
    public ResponseEntity create(Authentication authentication, @RequestParam("access_token") String accessToken) {
        // Look up the authentication stored for this token and take its principal
        Object principal = tokenStore.readAuthentication(accessToken).getPrincipal();
        return ResponseEntity.ok().build();
    }
Upvotes: 1
Reputation: 1733
I don't know why you're sending another user's token in the request, which I find dangerous because access tokens contain sensitive information (credentials). I advise you to change the way you identify the second user by creating something like an action or identification token (the schema you define will contain the id of the user and the information you want to send).

In case you have another philosophy that you didn't mention, and assuming the access token is a JWT, you must first validate it, using the algorithm and the private key used to hash it. If it's a valid token, you can access its content.

    @RequestMapping(value = "create", method = RequestMethod.POST)
    public ResponseEntity create(Authentication authentication, @RequestParam("access_token") JwtAuthenticationToken accessToken) {
        // validate your accessToken
        // to access the token details
        Object value = accessToken.getTokenAttributes().get(A_KEY_IN_YOUR_TOKEN);
    }
check this class
Upvotes: 0
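The validate-then-read step described in the answer above, as an added example that is not code from any of the posts. It assumes the access token is a JWT, that Spring Security's OAuth2 resource-server/JOSE module is on the classpath, and that a `JwtDecoder` bean (for example a `NimbusJwtDecoder`) is configured with the issuer's verification key; the class name `CreateController` and the response bodies are hypothetical.

```java
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class CreateController { // hypothetical class name

    // Assumption: a JwtDecoder bean exists and holds the issuer's verification key.
    private final JwtDecoder jwtDecoder;

    public CreateController(JwtDecoder jwtDecoder) {
        this.jwtDecoder = jwtDecoder;
    }

    @RequestMapping(value = "create", method = RequestMethod.POST)
    public ResponseEntity<String> create(Authentication authentication,
                                         @RequestParam("access_token") String accessToken) {
        final Jwt jwt;
        try {
            // With NimbusJwtDecoder, decode() checks the signature and, by default,
            // the exp/nbf timestamps; it throws rather than return an unverified token.
            jwt = jwtDecoder.decode(accessToken);
        } catch (JwtException e) {
            // Forged, expired or malformed token: reject it, never fall back
            // to Base64-decoding the payload without verification.
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("invalid access_token");
        }
        String caller = authentication.getName(); // user who made this request
        String tokenUser = jwt.getSubject();      // user the supplied token was issued to
        if (tokenUser == null) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("token has no subject");
        }
        // Both identities are now verified and can be used for authorization decisions.
        return ResponseEntity.ok(caller + " acting with token of " + tokenUser);
    }
}
```

With opaque (non-JWT) tokens there is nothing to decode locally, and the lookup has to go through the token store or the authorization server's introspection endpoint instead.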