Spring Boot and OAuth2 social login, unable to get refreshToken

Problem description

There is a guide on how to implement OAuth2 using Spring and Spring Boot: https://spring.io/guides/tutorials/spring-boot-oauth2/

I need to store OAuth2 information like accessToken, refreshToken in my database for future use. Right now I can only get accessToken. I can't figure out how to get refreshToken based on this guide.

What is the proper way to get refreshToken using the approach described in this guide?

Update

I have access to refreshToken in the OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication method, but only accessToken is passed to the ResourceServerTokenServices.loadAuthentication method.

Right now I don't understand how to get OAuth2 information based on this approach after successful authorization in Facebook and to reuse it for Facebook API calls. Please advise.

Update

I have added JdbcClientTokenServices to my SSO filter, but it doesn't work:

private Filter ssoFilter(ClientResources client, String path) {
    OAuth2ClientAuthenticationProcessingFilter clientFilter = new OAuth2ClientAuthenticationProcessingFilter(path);
    OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);

    // Added: token provider chain backed by JdbcClientTokenServices
    AccessTokenProviderChain tokenProviderChain = new AccessTokenProviderChain(new ArrayList<>(Arrays.asList(new AuthorizationCodeAccessTokenProvider())));
    tokenProviderChain.setClientTokenServices(new JdbcClientTokenServices(dataSource));
    oAuth2RestTemplate.setAccessTokenProvider(tokenProviderChain);
    // End of added section

    clientFilter.setRestTemplate(oAuth2RestTemplate);
    clientFilter.setTokenServices(new OkUserInfoTokenServices(okService, client.getClient().getClientId(), apiUrl, eventService));
    clientFilter.setAuthenticationSuccessHandler(new UrlParameterAuthenticationHandler());
    return clientFilter;
}

Recommended answer

First of all: when working with OAuth2 it is necessary to have a good understanding of how the protocol works. It's not too difficult, but you need to have a good grasp of it to be able to work with it. In my opinion the best point of reference is the specification itself: https://tools.ietf.org/html/rfc6749

In response to the conversation below and the existing pull request https://github.com/spring-projects/spring-security-oauth/pull/499 I would (as long as the pull request isn't released) subclass OAuth2ClientAuthenticationProcessingFilter and include the changes as per pull request, then use that class in the ssoFilter method.

So:

package com.example;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.token.ClientTokenServices;

public class OAuth2ClientAuthenticationProcessingAndSavingFilter extends OAuth2ClientAuthenticationProcessingFilter {

    private ClientTokenServices clientTokenServices;

    public OAuth2ClientAuthenticationProcessingAndSavingFilter(String defaultFilterProcessesUrl, ClientTokenServices clientTokenServices) {
        super(defaultFilterProcessesUrl);
        this.clientTokenServices = clientTokenServices;
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, chain, authResult);
        if (clientTokenServices != null) {
            clientTokenServices.saveAccessToken(restTemplate.getResource(), SecurityContextHolder.getContext()
                    .getAuthentication(), restTemplate.getAccessToken());
        }
    }

}

private Filter ssoFilter(ClientResources client, String path) {
        OAuth2ClientAuthenticationProcessingAndSavingFilter clientFilter = new OAuth2ClientAuthenticationProcessingAndSavingFilter(path, clientTokenService);
       ...

and add a bean for your clientTokenService
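
An added example (not part of the original answer or of the Spring project's own code) of the bean the answer mentions, together with reading the stored token back for later API calls. It assumes a `DataSource` whose schema contains the `oauth_client_token` table used by `JdbcClientTokenServices`; the class `ClientTokenStoreConfig` and the helpers `storedRefreshToken` and `templateFor` are hypothetical names.

```java
package com.example;

import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.ClientTokenServices;
import org.springframework.security.oauth2.client.token.JdbcClientTokenServices;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;

// Hypothetical configuration class, added for illustration.
@Configuration
public class ClientTokenStoreConfig {

    // The bean handed to OAuth2ClientAuthenticationProcessingAndSavingFilter.
    // It stores the serialized OAuth2AccessToken (refresh token included, if
    // the provider issued one) unencrypted, so restrict access to that table.
    @Bean
    public ClientTokenServices clientTokenService(DataSource dataSource) {
        return new JdbcClientTokenServices(dataSource);
    }

    // Hypothetical helper: refresh token saved for this user and client, or
    // null when nothing is stored or the provider returned no refresh token.
    public static String storedRefreshToken(ClientTokenServices services,
            OAuth2ProtectedResourceDetails resource, Authentication user) {
        OAuth2AccessToken token = services.getAccessToken(resource, user);
        OAuth2RefreshToken refresh = token == null ? null : token.getRefreshToken();
        return refresh == null ? null : refresh.getValue();
    }

    // Hypothetical helper: a template for later API calls that starts from the
    // stored token instead of sending the user through the redirect again.
    public static OAuth2RestTemplate templateFor(ClientTokenServices services,
            OAuth2ProtectedResourceDetails resource, Authentication user) {
        OAuth2AccessToken token = services.getAccessToken(resource, user);
        if (token == null) {
            throw new IllegalStateException("no stored token for " + user.getName());
        }
        return new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext(token));
    }
}
```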
