在Spring Security 5 OAuth Client和Spring Boot 2.0中,authorizationGrantType不能为null [英] authorizationGrantType cannot be null in Spring Security 5 OAuth Client and Spring Boot 2.0
问题描述
我遵循了Spring Security 5.0官方参考文档和示例代码
I followed the Spring Security 5.0 official reference documentation and sample codes oauth2login to setup OAuth2/OIDC authentication in my project, but it failed and I got the following exception when I booted up my application by mvn spring-boot:run
.
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientRegistrationRepository'
defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientRegistrationRepositoryConfiguration.class]:
Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException:
Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]:
Factory method 'clientRegistrationRepository' threw exception;
nested exception is java.lang.IllegalArgumentException: authorizationGrantType cannot be null
我使用的是Spring Boot提供的默认配置,只是在项目中添加了一些基本的依赖项,例如spring-security-config
,spring-security-oauth2-client
,spring-security-oauth2-jsoe
等.
I was using the default configuration provided by Spring Boot, and just added some basic dependencies into projects, such as spring-security-config
, spring-security-oauth2-client
, spring-security-oauth2-jsoe
etc.
已更新:
我已找到原因,对于自定义OAuth2提供程序(例如 Gitlab ),我必须添加授予类型, redirectUritemplate ,作用域, clientName 等,但是OpenID Connect规范具有配置终结点协议,例如:
I'v found the reason, for custom OAuth2 providers, such as Gitlab, I have to add grant type, redirectUritemplate, scope, clientName etc, but OpenID Connect specification has a configuration endpoint protocol, eg: https://gitlab.com/.well-known/openid-configuration , is there possible to make Spring Security to read these info automatically?
推荐答案
要详细说明上述OP的更新,需要在application.yaml
中包含以解决原始错误的属性如下所示,在本例中为Azure AD(请注意,此功能仅适用于Spring Security 5,不适用于功能为
To elaborate on OP's update above, the properties you need to include in your application.yaml
to resolve the original error are as shown below, in this case for Azure AD (note this ONLY works with Spring Security 5, NOT Spring Security OAuth2 2.x whose functionality is being merged directly into Spring Security 5):
spring:
security:
oauth2:
client:
registration:
microsoft:
client-id: a935ba7b-6aa4-4b0c-9e84-04f9acaa477b
client-secret: redacted
authorization-grant-type: authorization_code
redirect-uri-template: '{baseUrl}/login/oauth2/code/{registrationId}'
scope: User.Read
client-name: Microsoft
client-alias: microsoft
provider:
microsoft:
authorization-uri: https://login.microsoftonline.com/common/oauth2/authorize?resource=https://graph.microsoft.com/
token-uri: https://login.microsoftonline.com/common/oauth2/token
user-info-uri: https://graph.microsoft.com/v1.0/me
user-name-attribute: sub
jwk-set-uri: https://login.microsoftonline.com/common/discovery/keys
这篇关于在Spring Security 5 OAuth Client和Spring Boot 2.0中,authorizationGrantType不能为null的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!