Spring Boot &OAuth2.0:客户端必须至少注册一个redirect_uri [英] Spring Boot & OAuth2.0: At least one redirect_uri must be registered with the client

查看:180
本文介绍了Spring Boot &OAuth2.0:客户端必须至少注册一个redirect_uri的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

所以我登录到一个应用程序并转到一个需要再次登录的外部功能(全部在应用程序内).现在无法登录该外部功能,因为它会引发错误(代码 400):

OAuth 错误."error="invalid_request", error_description="必须在客户端至少注册一个 redirect_uri.

每当我使用应用程序或尝试直接登录外部功能时,都会抛出此错误.

我已将项目中的 Spring Boot 从 1.4.1 升级到 1.5.22,这可能是导致此问题的原因.将 Spring Boot 降级回 1.4.1 后,问题就消失了.

然后我再次尝试将 Spring Boot 更新到 1.5.22,并在 application.configuration 中额外包含:

security.oauth2.client.pre-established-redirect-uri=https://page.comsecurity.oauth2.client.registered-redirect-uri=https://page.comsecurity.oauth2.client.use-current-uri=false

它没有帮助.然后在浏览器的网络选项卡中,我注意到查询字符串参数中的 redirect_url 参数,它与我指定的参数不同.它是这样的:

https://page.com/oauth-authorized/app

我如上更新了 application.configuration.然而,一切都没有改变.

如何进行?

一些代码:

<预><代码>公共类 AuthorizationServerConfiguration 扩展 AuthorizationServerConfigurerAdapter {@自动连线@Qualifier("authenticationManagerBean")私有 AuthenticationManager authenticationManager;@自动连线私有 TokenStore 令牌存储;@自动连线@Qualifier("clientDetailsS​​erviceImpl")私有 ClientDetailsS​​ervice clientDetailsS​​ervice;@自动连线私有 DefaultTokenServices tokenServices;@自动连线私人 TokenEnhancer tokenEnhancer;@覆盖public void configure(AuthorizationServerEndpointsConfigurer endpoints) 抛出异常 {endpoints.setClientDetailsS​​ervice(clientDetailsS​​ervice);端点.tokenStore(tokenStore).authenticationManager(authenticationManager).tokenServices(tokenServices).tokenEnhancer(tokenEnhancer).pathMapping("/oauth/token", "/api/oauth/token").pathMapping("/oauth/check_token", "/api/oauth/check_token").pathMapping("/oauth/authorize", "/api/oauth/authorize").pathMapping("/oauth/error", "/api/oauth/error");}@覆盖public void configure(AuthorizationServerSecurityConfigurer oauthServer) 抛出异常 {oauthServer.checkTokenAccess("permitAll()");}@覆盖公共无效配置(ClientDetailsS​​erviceConfigurer 客户端)抛出异常 {客户端.withClientDetails(clientDetailsS​​ervice);}}==================================================================================================@服务@基本的公共类 ClientDetailsS​​erviceImpl 实现 ClientDetailsS​​ervice {@自动连线私有 ClientRepository clientRepository;@覆盖公共 ClientDetails loadClientByClientId(String clientId) 抛出 ClientRegistrationException {客户端客户端 = clientRepository.findOneByClientId(clientId).orElseThrow(() -> new NoSuchClientException(String.format("没有找到 clientId=%s 的客户端", clientId)));返回新的 com.app.auth.domain.ClientDetails(client);}}

再次降级 Spring Boot 后,问题似乎消失了,但问题不大.

解决方案

身份验证后,您可能需要联系资源所有者并寻求支持,然后重定向到您的客户端应用程序,或者您可以直接重定向到客户端应用程序.为此,在您的授权服务器配置中添加 redirectUris

@Configuration@EnableAuthorizationServer公共类 AuthorizationServerConfig 扩展 AuthorizationServerConfigurerAdapter{@覆盖公共无效配置(ClientDetailsS​​erviceConfigurer 客户端)抛出异常 {clients.inMemory().withClient("client_id").secret("client_secret").authorizedGrantTypes("authorization_code").scopes("read").authorities("CLIENT").redirectUris("http://localhost:8090/your_redirect_URL");}}

So I login to an app and go to an external feature, which demands another login (all within the app). Now it has become impossible to log into that external feature as it throws error (code 400): 

OAuth Error. error="invalid_request", error_description="At least one redirect_uri must be registered with the client."

This error is thrown whenever I'm using the app or try to login to the external feature directly.

I had upgraded Spring Boot in a project to 1.5.22 from 1.4.1, which may have caused this. After downgrading back Spring Boot to 1.4.1 the problem was gone.

Then I tried updating Spring Boot to 1.5.22 again and additionally included this in application.configuration:

security.oauth2.client.pre-established-redirect-uri=https://page.com
security.oauth2.client.registered-redirect-uri=https://page.com
security.oauth2.client.use-current-uri=false

It didn't help. Then in browser's Network tab I noticed redirect_url parameter in Query String Parameters, which differed from the one I specified. It was something like: 

https://page.com/oauth-authorized/app

I updated application.configuration as above. However, nothing has changed.

How to proceed?

Some code:


public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

  @Autowired
  @Qualifier("authenticationManagerBean")
  private AuthenticationManager authenticationManager;

  @Autowired
  private TokenStore tokenStore;

  @Autowired
  @Qualifier("clientDetailsServiceImpl")
  private ClientDetailsService clientDetailsService;

  @Autowired
  private DefaultTokenServices tokenServices;

  @Autowired
  private TokenEnhancer tokenEnhancer;

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.setClientDetailsService(clientDetailsService);
    endpoints
        .tokenStore(tokenStore)
        .authenticationManager(authenticationManager)
        .tokenServices(tokenServices)
        .tokenEnhancer(tokenEnhancer)
        .pathMapping("/oauth/token", "/api/oauth/token")
        .pathMapping("/oauth/check_token", "/api/oauth/check_token")
        .pathMapping("/oauth/authorize", "/api/oauth/authorize")
        .pathMapping("/oauth/error", "/api/oauth/error");
  }

  @Override
  public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer.checkTokenAccess("permitAll()");
  }

  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.withClientDetails(clientDetailsService);
  }
}
=================================================================================================

@Service
@Primary
public class ClientDetailsServiceImpl implements ClientDetailsService {

  @Autowired
  private ClientRepository clientRepository;

  @Override
  public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
    Client client = clientRepository.findOneByClientId(clientId)
        .orElseThrow(() -> new NoSuchClientException(
            String.format("Client with clientId=%s was not found", clientId)));

    return new com.app.auth.domain.ClientDetails(client);
  }

}

Edit: After downgrading Spring Boot once again the problem seems gone but it's not much of a fix.

解决方案

After authentication, you may need to contact the resource owner and ask for support and then redirect to your client application or you may redirect to client application directly. for that, add redirectUris in your Authorization server config

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter{

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory().withClient("client_id").secret("client_secret").authorizedGrantTypes("authorization_code")
            .scopes("read").authorities("CLIENT").redirectUris("http://localhost:8090/your_redirect_URL");
    }
}

这篇关于Spring Boot &amp;OAuth2.0:客户端必须至少注册一个redirect_uri的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Java开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆