What is the difference between /check_token and user-info-uri endpoints in Spring OAuth2?


Question

Spring exposes /check_token endpoint; see this link

For /check_token we need to configure RemoteTokenServices and it extracts the token. However, we can also configure UserInfoTokenServices that essentially does the same thing.

The only difference I can tell is the first one is according to OAuth 2.0 extension: Token Introspection Endpoint, however, this endpoint doesn't return node 'active' according to OAuth 2 Extension which is mandatory. See this link

But that aside, is there any other functional reason that we have these endpoints?

Recommended answer

I also had the same question, but I did some research and got my answer. I hope my answer can help you. If I made any mistake, please correct me.

There are two endpoints in spring security oauth2 and cloud-oauth2.

check_token: defined in the OAuth 2.0 extension Token Introspection. Its method is POST, secured by HttpBasic authentication. It returns the basic information.
It is an authorization server endpoint.

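user_info_uri: defined in OpenID Connect. It returns profile information (such as email address and birthday) and is mainly used for SSO login. Its method can be POST or GET.
It is a resource server endpoint.

You can check the document below to confirm.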

OpenIDConnect

Let me quote some sentences to conclude here from below
https://github.com/spring-projects/spring-security/issues/6342

The /introspect endpoint and /userinfo endpoint are very different and are used in different scenarios with the provider.

The /introspect endpoint accepts an opaque (typically) access token and returns a set of claims associated to the access token.

The /userinfo endpoint accepts an access token and returns a set of claims associated to the currently authenticated user.
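
The distinction above, as an added protocol-level example that is not part of the original answer and is not Spring code: a resource server can make a scope and expiry decision from an introspection response, while a userinfo response only identifies the user. The sample responses are constructed, the function names and the `require_active` switch are hypothetical, and the field names in the `/check_token`-style sample are assumptions apart from the missing `active` member the question describes.

```python
import time

# Constructed sample responses (not captured from a real server).
RFC7662_RESPONSE = {"active": True, "scope": "read write", "client_id": "web-app",
                    "sub": "alice", "exp": 2000000000}
# Shaped like the /check_token output the question describes: no 'active' member.
CHECK_TOKEN_RESPONSE = {"user_name": "alice", "scope": ["read"],
                        "client_id": "web-app", "exp": 2000000000}
USERINFO_RESPONSE = {"sub": "alice", "email": "alice@example.com",
                     "birthdate": "1990-01-01"}


def authorize_from_introspection(resp, required_scope, now=None, require_active=True):
    """Return (allowed, reason) from token metadata returned by introspection."""
    now = time.time() if now is None else now
    if "error" in resp:
        return False, "rejected by authorization server"
    if "active" in resp:
        if resp["active"] is not True:
            return False, "token inactive"
    elif require_active:
        # RFC 7662 makes 'active' mandatory; fail closed when it is absent.
        return False, "missing 'active'"
    exp = resp.get("exp")
    if exp is not None and exp <= now:
        return False, "token expired"
    scopes = resp.get("scope", [])
    if isinstance(scopes, str):          # RFC 7662: space-delimited string
        scopes = scopes.split()
    if required_scope not in scopes:
        return False, "missing scope"
    return True, "ok"


def identity_from_userinfo(resp):
    """Return user claims; userinfo carries no scope, client or expiry data."""
    if "sub" not in resp:                # 'sub' is required by OpenID Connect
        raise ValueError("userinfo response without 'sub'")
    return {"subject": resp["sub"], "email": resp.get("email")}


if __name__ == "__main__":
    print(authorize_from_introspection(RFC7662_RESPONSE, "write"))
    print(authorize_from_introspection(CHECK_TOKEN_RESPONSE, "read"))
    print(authorize_from_introspection(CHECK_TOKEN_RESPONSE, "read", require_active=False))
    print(identity_from_userinfo(USERINFO_RESPONSE))
```

A client written strictly against RFC 7662 rejects a response that lacks `active`, so pointing one at an endpoint that omits the field needs an explicit, documented relaxation like `require_active=False` rather than a silent default.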
