Spring OAuth2对TokenEndpoint禁用HTTP基本身份验证 [英] Spring OAuth2 disable HTTP Basic Auth for TokenEndpoint

查看：756 发布时间：2020/7/9 2:07:14 spring spring-security oauth spring-security-oauth2 spring-oauth2

本文介绍了Spring OAuth2对TokenEndpoint禁用HTTP基本身份验证的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我从Spring OAuth2开始.到目前为止，我已经通过配置保护了我的应用程序.但是我有一个问题，我的客户端不支持HTTP基本授权.

I am starting with Spring OAuth2. So far so good, I have secured my app with the configuration. But I have an issue, my client does not support HTTP Basic Authorization.

有没有一种方法可以为/oauth/token端点禁用HTTP Basic Auth?我想在JSON正文或请求标头中发送client_id和client_secret.

Is there a way how to disable HTTP Basic Auth for the /oauth/token endpoint? I would like to send the client_id and client_secret in the JSON body or in the request headers.

我想工作的卷曲示例:

curl -X POST -H "Content-Type: application/json" -d '{
"username": "user",
"password": "pass",
"grant_type": "password",
"client_id": "test-client-id",
"client_secret": "test-client-secret"
}' "http://localhost:9999/api/oauth/token"

curl -X POST -H "Content-Type: application/json" -H "X-Client-ID: test-client-id" -H "X-Client-Secret: test-client-secret" -d '{
"username": "user",
"password": "pass",
"grant_type": "password"
}' "http://localhost:9999/api/oauth/token"

推荐答案

我终于弄明白了.禁用HTTP Basich身份验证的方法是为客户端启用表单身份验证.只需将这些行添加到您的配置中即可.

I finally figure it out. The way how to disable the HTTP Basich Auth is to enable a form authentication for clients. Just add those lines to your configuration.

@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
  @Override
  public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer.allowFormAuthenticationForClients();
  }
}

现在，您将能够像这样将成功的请求发送到TokenEndpoint:

Now you will be able to send successful request to TokenEndpoint like this:

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'username=user_username&password=user_password&grant_type=password&client_id=your_trusted_client_id&client_secret=your_trusted_client_secret' "http://localhost:8080/oauth/token"

但是仍然存在ContentType应用程序/json问题.有人对此有解决方案吗?

But there is still remaining the ContentType application/json issue remaining. Anyone have a solution for this?

这篇关于Spring OAuth2对TokenEndpoint禁用HTTP基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

Spring OAuth2对TokenEndpoint禁用HTTP基本身份验证 [英] Spring OAuth2 disable HTTP Basic Auth for TokenEndpoint

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

Spring OAuth2对TokenEndpoint禁用HTTP基本身份验证 [英] Spring OAuth2 disable HTTP Basic Auth for TokenEndpoint

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭