如何从OAuth2授权服务器/用户端点获取自定义用户信息 [英] How to get custom user info from OAuth2 authorization server /user endpoint
问题描述
我有一个配置了@EnableResourceServer
批注的资源服务器,它通过user-info-uri
参数引用授权服务器,如下所示:
security:
oauth2:
resource:
user-info-uri: http://localhost:9001/user
授权服务器/用户端点返回扩展名为org.springframework.security.core.userdetails.User
的内容,例如一封电子邮件:
{
"password":null,
"username":"myuser",
...
"email":"me@company.com"
}
每当访问某些资源服务器端点时,Spring都会通过调用授权服务器的/user
端点在后台验证访问令牌,并实际上返回丰富的用户信息(其中包含例如电子邮件信息,我已经用Wireshark进行了验证)./p>
所以问题是,如何在没有显式第二次调用授权服务器的/user
端点的情况下获得此自定义用户信息.授权后,Spring会将其存储在资源服务器上的本地位置吗?或者如果没有可用的现成的东西,实现这种用户信息存储的最佳方法是什么?
解决方案是自定义UserInfoTokenServices
默认情况下,仅提取 接线: !!使用Spring Boot 1.4进行更新变得越来越容易了! 使用Spring Boot 1.4.0时, So the question is how do I get this custom user info without an explicit second call to the authorization server's The solution is the implementation of a custom Just Provide your custom implementation as a Bean and it will be used instead of the default one. Inside this UserInfoTokenServices you can build the This UserInfoTokenServices is used to extract the UserDetails out of the response of the Only the properties specified in Wiring: !!UPDATE with Spring Boot 1.4 things are getting easier!! With Spring Boot 1.4.0 a PrincipalExtractor was introduced. This class should be implemented to extract a custom principal (see Spring Boot 1.4 Release Notes). 这篇关于如何从OAuth2授权服务器/用户端点获取自定义用户信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!PRINCIPAL_KEYS
中指定的属性.那正是您的问题.您不仅要提取用户名或您的属性命名的内容,还需要提取更多信息.因此,寻找更多的钥匙.private Object getPrincipal(Map<String, Object> map) {
MyUserDetails myUserDetails = new myUserDetails();
for (String key : PRINCIPAL_KEYS) {
if (map.containsKey(key)) {
myUserDetails.setUserName(map.get(key));
}
}
if( map.containsKey("email") {
myUserDetails.setEmail(map.get("email"));
}
//and so on..
return myUserDetails;
}
@Autowired
private ResourceServerProperties sso;
@Bean
public ResourceServerTokenServices myUserInfoTokenServices() {
return new MyUserInfoTokenServices(sso.getUserInfoUri(), sso.getClientId());
}
Whenever some resource server endpoint is accessed Spring verifies the access token behind the scenes by calling the authorization server's /user
endpoint and it actually gets back the enriched user info (which contains e.g. email info, I've verified that with Wireshark)./user
endpoint. Does Spring store it somewhere locally on the resource server after authorization or what is the best way to implement this kind of user info storing if there's nothing available out of the box?UserInfoTokenServices
principal
like you want to./users
endpoint of your authorization server. As you can see inprivate Object getPrincipal(Map<String, Object> map) {
for (String key : PRINCIPAL_KEYS) {
if (map.containsKey(key)) {
return map.get(key);
}
}
return "unknown";
}
PRINCIPAL_KEYS
are extracted by default. And thats exactly your problem. You have to extract more than just the username or whatever your property is named. So look for more keys.private Object getPrincipal(Map<String, Object> map) {
MyUserDetails myUserDetails = new myUserDetails();
for (String key : PRINCIPAL_KEYS) {
if (map.containsKey(key)) {
myUserDetails.setUserName(map.get(key));
}
}
if( map.containsKey("email") {
myUserDetails.setEmail(map.get("email"));
}
//and so on..
return myUserDetails;
}
@Autowired
private ResourceServerProperties sso;
@Bean
public ResourceServerTokenServices myUserInfoTokenServices() {
return new MyUserInfoTokenServices(sso.getUserInfoUri(), sso.getClientId());
}