Add Clock support to OAuth2Authorization #19414

Open
Dawid01 wants to merge 1 commit into spring-projects:main from Dawid01:gh-19413-oauth2-authorization-clock

Dawid01 commented Jul 2, 2026

Closes gh-19413

Summary

Adds support for configuring a custom java.time.Clock on OAuth2Authorization via OAuth2Authorization.Builder#clock(Clock), so that Token#isExpired() and #isBeforeUse() evaluate against the injected Clock instead of always relying on the system clock.

Expected Behavior

It should be possible to configure a custom java.time.Clock on OAuth2Authorization (via OAuth2Authorization.Builder), so that Token#isExpired(), #isBeforeUse(), and #isActive() evaluate against the injected Clock instead of the system clock.

Current Behavior (before this change)

OAuth2Authorization.Token#isExpired() and #isBeforeUse() compared token timestamps (expiresAt, nbf claim) directly against Instant.now() / the system clock, with no way to override this externally.

Context

Writing deterministic tests for token expiry, not-yet-valid (nbf), and revocation/refresh flows previously required either Thread.sleep(...), constructing tokens with timestamps computed relative to Instant.now() at test-build time, or mocking static methods — all of which are brittle or awkward. Injecting a Clock makes these scenarios reproducible and independent of wall-clock time.

Changes

  • Added OAuth2Authorization.Builder#clock(Clock) to allow configuring a custom Clock.
  • OAuth2Authorization.Token now uses the configured Clock (defaulting to Clock.systemDefaultZone() when not set) in isExpired() and isBeforeUse().
  • OAuth2Authorization.from(...) propagates the configured Clock to the new Builder when copying an existing authorization.
  • Added OAuth2AuthorizationTokenMixin for Jackson serialization support.
  • Added unit tests covering expired/active tokens, not-before (nbf) handling, and default clock behavior.

Closes spring-projectsgh-19413

Signed-off-by: Dawid Szczepaniak <dawidszczepaniak55@gmail.com>
spring-projects-issues added the status: waiting-for-triage label Jul 2, 2026
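
An added sketch (not code from this pull request or from Spring Security) of the pattern the description covers: validity checks that read an injected Clock, exercised at the nbf and expiry boundaries with Clock.fixed instead of sleeps or timestamps relative to Instant.now(). TimedToken, at and check are hypothetical names, and treating the token as still valid at the exact expiry instant is an assumption of this sketch.

```java
import java.time.Clock;
import java.time.Instant;
import java.time.ZoneOffset;

// Hypothetical stand-in for a token whose validity checks read an injected Clock.
// It is not Spring Security's OAuth2Authorization.Token.
public class ClockAwareTokenDemo {

    static final class TimedToken {
        private final Instant notBefore;   // nbf; null means usable immediately
        private final Instant expiresAt;   // null means no expiry
        private final Clock clock;

        TimedToken(Instant notBefore, Instant expiresAt, Clock clock) {
            this.notBefore = notBefore;
            this.expiresAt = expiresAt;
            this.clock = (clock != null) ? clock : Clock.systemDefaultZone();
        }

        boolean isExpired() {
            // Assumption of this sketch: still valid at the exact expiry instant.
            return expiresAt != null && clock.instant().isAfter(expiresAt);
        }
        boolean isBeforeUse() {
            return notBefore != null && clock.instant().isBefore(notBefore);
        }
        boolean isActive() {
            return !isExpired() && !isBeforeUse();
        }
    }

    // Builds a token whose clock is frozen at 'now', so every check is deterministic.
    static TimedToken at(Instant now, Instant nbf, Instant exp) {
        return new TimedToken(nbf, exp, Clock.fixed(now, ZoneOffset.UTC));
    }

    static void check(boolean condition, String what) {
        if (!condition) throw new IllegalStateException("failed: " + what);
    }

    public static void main(String[] args) {
        Instant nbf = Instant.parse("2026-07-02T10:00:00Z");   // constructed sample values
        Instant exp = nbf.plusSeconds(300);

        check(at(nbf.minusSeconds(1), nbf, exp).isBeforeUse(), "not usable 1s before nbf");
        check(at(nbf, nbf, exp).isActive(), "active at nbf");
        check(at(exp, nbf, exp).isActive(), "still active at the exact expiry instant");
        check(at(exp.plusMillis(1), nbf, exp).isExpired(), "expired 1ms after exp");
        System.out.println("all boundary checks passed");
    }
}
```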
Development

Successfully merging this pull request may close these issues.

Allow configuring a java.time.Clock in OAuth2Authorization.Token