What is the difference between /check_token and user-info-uri endpoints in Spring OAuth2?
Question
Spring exposes the /check_token endpoint; see this link
For /check_token, we need to configure RemoteTokenServices, and it extracts the token. However, we can also configure UserInfoTokenServices, which essentially does the same thing.
The only difference I can tell is that the first one is according to the OAuth 2.0 extension: Token Introspection Endpoint; however, this endpoint doesn't return the node 'active', which is mandatory according to the OAuth 2 extension. See this link
But that aside, is there any other functional reason that we have these endpoints?
Recommended answer
I also had the same question, but I did some research and got my answer. I hope my answer can help you. If I made any mistake, please correct me.
There are two endpoints in Spring Security OAuth2 and cloud-oauth2.
check_token:
It is defined in the OAuth 2.0 extension Token Introspection. Its method is POST, secured by HttpBasic authentication. It returns the basic information.
It is an authorization server endpoint.
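user_info_uri:
It is defined in OpenID Connect.
It returns profile information (such as e-mail address and birthday) and is mainly used for SSO login. Its method can be POST or GET.
It is a resource server endpoint.
You can check the document below to confirm.
OpenIDConnect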
Let me quote some sentences to conclude here from below
https://github.com/spring-projects/spring-security/issues/6342
The /introspect endpoint and /userinfo endpoint are very different and are used in different scenarios with the provider.
The /introspect endpoint accepts an opaque (typically) access token and returns a set of claims associated to the access token.
The /userinfo endpoint accepts an access token and returns a set of claims associated to the currently authenticated user.
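Added example (not part of the original question or answer, and not Spring code): a Python sketch of how a resource server could treat the two response types, failing closed when the RFC 7662 `active` member is missing or is not the boolean `true`. The function names, the `require_active` switch and all sample responses are constructed for illustration.

```python
import time

def authorize_from_introspection(resp, required_scope, now=None, require_active=True):
    """Access decision from an introspection-style response; fails closed.

    require_active=False is a hypothetical compatibility switch for a
    /check_token reply that omits 'active', as the question describes.
    """
    now = time.time() if now is None else now
    if not isinstance(resp, dict) or "error" in resp:
        return False
    has_active = "active" in resp
    if has_active and resp["active"] is not True:  # "true" or 1 is not enough
        return False
    if not has_active and require_active:
        return False
    exp = resp.get("exp")
    if exp is None:
        if not has_active:  # nothing in the reply vouches for liveness
            return False
    elif isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        return False
    scope = resp.get("scope")
    if isinstance(scope, str):  # RFC 7662: space-separated string
        scopes = scope.split()
    elif isinstance(scope, (list, tuple)):  # assumed alternative shape: JSON array
        scopes = list(scope)
    else:
        scopes = []
    return required_scope in scopes

def subject_from_userinfo(resp):
    """UserInfo describes the user, not the token; only 'sub' is relied on."""
    sub = resp.get("sub") if isinstance(resp, dict) else None
    if not isinstance(sub, str) or not sub:
        raise ValueError("UserInfo response without a usable 'sub' claim")
    return sub

# Constructed sample responses (not captured from a real server).
NOW = 1_700_000_000
INTROSPECT_OK = {"active": True, "scope": "read write", "client_id": "demo-client", "exp": NOW + 300}
INTROSPECT_REVOKED = {"active": False}
CHECK_TOKEN_NO_ACTIVE = {"user_name": "alice", "scope": ["read"], "exp": NOW + 300}
USERINFO = {"sub": "user-123", "email": "alice@example.com", "birthdate": "1990-01-01"}

if __name__ == "__main__":
    for name in ("INTROSPECT_OK", "INTROSPECT_REVOKED", "CHECK_TOKEN_NO_ACTIVE", "USERINFO"):
        print(name, authorize_from_introspection(globals()[name], "read", now=NOW))
    print("user:", subject_from_userinfo(USERINFO))
```

A UserInfo response carries no token state or scope, so passing it to the authorization check is denied even with `require_active=False`.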