In spring security oauth2, get access token and refresh token use the same endpoint '/oauth/token',and recognized by parameter grant_type 'code' or 'refresh_token'.
if (isAuthCodeRequest(parameters)) {
// The scope was requested or determined during the authorization step
if (!tokenRequest.getScope().isEmpty()) {
logger.debug("Clearing scope of incoming token request");
tokenRequest.setScope(Collections.<String> emptySet());
}
}
if (isRefreshTokenRequest(parameters)) {
// A refresh token has its own default scopes, so we should ignore any added by the factory here.
tokenRequest.setScope(OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.SCOPE)));
}
But I want to separate this endpoint in to two, like 'oauth/access_token' for get access token,and 'oauth/refresh_token' for refreh access token. How can I do it ?
I hava tried to write my custom endpoint class,and register bean to override the default TokenEndpoint , but seem doesn't work well.