Oauth2 Spring 安全授权码 [英] Oauth2 Spring Security Authorization Code
问题描述
我正在尝试重现此处提供的 oauth 服务器:
I am trying to reproduce the oauth server provided here:
https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v测试这个基本服务器的 curl 调用应该是:
https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v The curl call for testing this basic server should be:
curl acme:acmesecret@localhost:9999/uaa/oauth/token \
-d grant_type=authorization_code -d client_id=acme \
-d redirect_uri=http://example.com -d code=jYWioI
虽然我不断收到以下错误:无效授权码:jYWioI
Though I keep getting the following error: Invalid authorization code: jYWioI
这个授权码要在授权服务器哪里配置?
Where is this authorization code to be configured in the authorization server?
推荐答案
您需要生成新的授权码!
You need to generate a new authorization code!
您可以使用授权类型 authorization_code 或密码来实现
You can do it using the grant type authorization_code or password
使用authorization_code:
打开浏览器并访问授权端点http://localhost:9999/uaa/oauth/authorize?response_type=code&client_id=acme&redirect_uri=http://example.com
Open your browser and to visit the authorization endpoint http://localhost:9999/uaa/oauth/authorize?response_type=code&client_id=acme&redirect_uri=http://example.com
登录过程(登录:用户密码:密码)后,您将被重定向到http://example.com/?code=CODE <-- 这是您的代码应该在下一个请求中使用
After the login process (login: user password: password), you will be redirected to http://example.com/?code=CODE <-- this is the code that you should use in the next request
现在你得到了令牌:
curl acme:acmesecret@localhost:9999/uaa/oauth/token -d grant_type=authorization_code -d client_id=acme -d redirect_uri=http://example.com -d code=CODE
响应:{"access_token":"eyJhbGciOiJS....."}
response: {"access_token":"eyJhbGciOiJS....."}
使用密码 grantType:
curl acme:acmesecret@localhost:9999/uaa/oauth/token -d grant_type=password -d username=user -d password=password
响应:{"access_token":"eyJhbGciOiJS....."}
response: {"access_token":"eyJhbGciOiJS....."}
我建议您阅读有关 oauth grantTypes 的更多信息,以了解什么更适合您的解决方案https://aaronparecki.com/articles/2012/07/29/1/oauth2-简化
I recommend you to read more about oauth grantTypes, to know what's is better for your solution https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified
这篇关于Oauth2 Spring 安全授权码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!