Creating Custom OpenId Provider for Oauth2 Spring Boot


Problem description

I have used the Oauth2 framework for authorization and access control to protect my Spring Boot microservice APIs. The Oauth2 framework is working fine, but now my client wants a dedicated OpenId Provider for authentication purposes on top of the Oauth2 framework. I have done some rounds of searching across Google but couldn't find many resources for implementing my own OpenId Provider for Oauth2. I have gone through many blogs and could understand that OpenId is basically used when we want to delegate the authentication from Oauth2. OpenId is created on top of Oauth2, but I couldn't find many resources for activating or implementing it.

Can anyone help me?

My complete source code which I have done using Oauth2 with Spring Framework is as given below

oauth2-spring

Recommended answer

According to "OAuth 2.0 Features Matrix" in spring-projects/spring-security, Spring Framework is not a good starting point for OpenID Connect. None of the new projects (Spring Security, Spring Cloud Security and Spring Boot OAuth2) supports Authorization Server. On the other hand, the old project (Spring Security OAuth) has architectural problems that prevent OpenID Connect support.

The website of OpenID Connect says "OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol." This sentence may give an impression that OpenID Connect can be implemented on top of an existing OAuth 2.0 implementation step by step. However, it's not true. One piece of evidence is spring-security-oauth Issue 619, where you see the project has given up supporting OpenID Connect. If interested, see "5. Response Type" in "Full-Scratch Implementor of OAuth and OpenID Connect Talks About Findings" for further details.

There exist many implementations that support OpenID Connect. Why don't you check the list of certified implementations?

Update (November 14, 2019):

The Spring Security team has decided to no longer provide support for authorization servers. See their announcement for details.
