休息，Spring拥有OAuth2服务器+ Facebook，Google，Yahoo等OAuth2提供程序 [英] Rest, Spring own OAuth2 server + OAuth2 providers like Facebook, Google, Yahoo

问题描述

在Spring Boot应用程序中，我已使用Spring Security和Spring OAuth2保护了Spring MVC REST端点.我拥有自己的Authorization \ Resource服务器，因此为了与我们的API通讯，客户端(AngularJS)需要从我的API授权服务器获取acessToken.

In Spring Boot application I have secured my Spring MVC REST endpoints with Spring Security and Spring OAuth2. I have own Authorization\Resource servers so in order to comunicate with our API, client(AngularJS) needs to obtain acessToken from my API Authorization Server.

一切正常，但是要在我的API上进行身份验证/授权，用户需要创建自己的帐户并向我们提供其用户名/密码.

Everything works fine but for authentication/authorization on my API, user needs to create his account and provide us with his username/password.

我想简化此过程，并希望建议用户通过Google/Facebook/Twitter oAuth提供商在我的API上进行身份验证.

I'd like to simplify this process and would like to propose user to authenticate on my API via Google/Facebook/Twitter oAuth providers.

现在，我还不清楚它是如何工作的.例如，我的一个想法-Facebook将发布自己的accessToken并将其传递回我的API.基于此accessToken，我的API将发出自己的accessToken并将其传递回客户端应用程序(AngularJS).还是应该将Facebook accessToken直接传递给客户端应用?

Right now I have no clear understanding how it must work.. For example one of my ideas - Facebook will issue own accessToken and pass it back to my API. Based on this accessToken my API will issue own accessToken and pass it back to client application(AngularJS). Or should I pass Facebook accessToken directly to client app ?

上述情况的正确架构是什么?应该如何运作?

What is the correct architecture for the described case ? How should it work ?

也许有一些示例演示了基于Spring框架的这种体系结构?

Maybe there is some example that demonstrates this architecture based on Spring framework ?

推荐答案

如果要将身份验证委派给外部提供程序，则可以使用OAuth2ClientAuthenticationProcessingFilter或

If you want to delegate authentication to an external provider you can use the OAuth2ClientAuthenticationProcessingFilter, or the convenience annotations and external configuration provided in Spring Cloud Security. Example (from the Spring Cloud Security home page):

Aplication.java:

Aplication.java:

@SpringBootApplication
@EnableOAuth2Sso
public class Application {
   ...
}

application.yml:

application.yml:

spring:
  oauth2:
    client:
      clientId: bd1c0a783ccdd1c9b9e4
      clientSecret: 1a9030fbca47a5b2c28e92f19050bb77824b5ad1
      accessTokenUri: https://github.com/login/oauth/access_token
      userAuthorizationUri: https://github.com/login/oauth/authorize
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://api.github.com/user
      preferTokenInfo: false

如果您的应用程序在端口8080上运行，则可以在github上运行(我相信).类似的配置可与Facebook，Cloud Foundry，Google和其他OAuth2提供程序一起使用.

That works with github if your app is running on port 8080 (I believe). Similar configuration works with facebook, cloud foundry, google and other OAuth2 providers.

这篇关于休息，Spring拥有OAuth2服务器+ Facebook，Google，Yahoo等OAuth2提供程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！