如何更改 Spring OAuth2 上的 response_type [英] How to change response_type on Spring OAuth2
问题描述
这是我使用 Instagram 进行 OAuth2 登录的配置
instagram:客户:客户 ID:客户 ID客户秘密:clientSeretaccessTokenUri:https://api.instagram.com/oauth/access_tokenuserAuthorizationUri:https://api.instagram.com/oauth/authorizeclientAuthenticationScheme:表单范围:- 基本- 公共内容资源:userInfoUri:https://api.instagram.com/v1/users/self/分隔符:+
这是Spring提出的请求:
如何将 response_type
更改为 &response_type=token
以及为什么 Spring 不添加范围?
这是应用程序类:
@SpringBootApplication@EnableOAuth2Client公共类 App 扩展了 WebSecurityConfigurerAdapter {@自动连线OAuth2ClientContext oauth2ClientContext;public static void main(String[] args) 抛出异常 {SpringApplication.run(App.class, args);}@覆盖protected void configure(HttpSecurity http) 抛出异常 {http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest().authenticated().and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))//退出.and().logout().logoutSuccessUrl("/").permitAll()//CSRF.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())//过滤器.and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);}私人过滤器 ssoFilter() {CompositeFilter filter = new CompositeFilter();列表<过滤器>过滤器 = 新的 ArrayList<>();//脸书...//谷歌...//InstagramOAuth2ClientAuthenticationProcessingFilter instagramFilter =new OAuth2ClientAuthenticationProcessingFilter("/login/instagram");OAuth2RestTemplate instagramTemplate =新 OAuth2RestTemplate(instagram(), oauth2ClientContext);instagramFilter.setRestTemplate(instagramTemplate);instagramFilter.setTokenServices(new UserInfoTokenServices(instagramResource().getUserInfoUri(), instagram().getClientId()));过滤器.添加(instagramFilter);filter.setFilters(过滤器);回油过滤器;}@豆@ConfigurationProperties("instagram.client")公共 AuthorizationCodeResourceDetails instagram() {返回新的 AuthorizationCodeResourceDetails();}@豆@ConfigurationProperties("instagram.resource")公共资源服务器属性 instagramResource() {返回新的 ResourceServerProperties();}@豆public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter 过滤器){FilterRegistrationBean 注册 = new FilterRegistrationBean();注册.setFilter(过滤器);注册.setOrder(-100);退货登记;}}
如何将 response_type 更改为 &response_type=token
当我阅读代码时,AuthorizationCodeAccessTokenProvider 的
response_type 是硬代码.
private UserRedirectRequiredException getRedirectForAuthorization(AuthorizationCodeResourceDetails 资源,AccessTokenRequest 请求) {//我们还没有授权码.所以首先得到那个.TreeMap<字符串,字符串>requestParameters = new TreeMap();requestParameters.put("response_type", "code");//oauth2 规范,第 3 节
所以,如果要改变response_code,可以扩展AuthorizationCodeAccessTokenProvider
,或者实现AccessTokenProvider
,然后注入OAuth2RestTemplate
> accessTokenProvider
(默认值为一个AccessTokenProviderChain
,包含AuthorizationCodeAccessTokenProvider
、ResourceOwnerPasswordAccessTokenProvider
等,使用自己的Provider而不是 AuthorizationCodeAccessTokenProvider
).
或者你可以改变OAuth2ClientContextFilter
中的redirectStrategy
,并在重定向时改变请求参数,但我不推荐这样做.
为什么 Spring 不添加范围?
AuthorizationCodeAccessTokenProvider
将从 AuthorizationCodeResourceDetails
获取范围,并将它们添加到 UserRedirectRequiredException
.我认为范围不能注入AuthorizationCodeResourceDetails
,因为范围不在客户端.也许你需要改成这样.
instagram:客户:客户 ID:客户 ID客户秘密:clientSeretaccessTokenUri:https://api.instagram.com/oauth/access_tokenuserAuthorizationUri:https://api.instagram.com/oauth/authorizeclientAuthenticationScheme:表单范围:- 基本- 公共内容
This is my configuration for OAuth2 login with Instagram
instagram:
client:
clientId: clientId
clientSecret: clientSeret
accessTokenUri: https://api.instagram.com/oauth/access_token
userAuthorizationUri: https://api.instagram.com/oauth/authorize
clientAuthenticationScheme: form
scope:
- basic
- public_content
resource:
userInfoUri: https://api.instagram.com/v1/users/self/
delimiter: +
This is the request made by Spring:
How can I change the response_type
to &response_type=token
and how can I why isn't Spring adding the scopes?
Here is the App class:
@SpringBootApplication
@EnableOAuth2Client
public class App extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
public static void main(String[] args) throws Exception {
SpringApplication.run(App.class, args);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/login**", "/webjars/**")
.permitAll()
.anyRequest()
.authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
// logout
.and().logout().logoutSuccessUrl("/").permitAll()
// CSRF
.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
// filters
.and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
private Filter ssoFilter() {
CompositeFilter filter = new CompositeFilter();
List<Filter> filters = new ArrayList<>();
// facebook ...
// google ...
// instagram
OAuth2ClientAuthenticationProcessingFilter instagramFilter =
new OAuth2ClientAuthenticationProcessingFilter("/login/instagram");
OAuth2RestTemplate instagramTemplate =
new OAuth2RestTemplate(instagram(), oauth2ClientContext);
instagramFilter.setRestTemplate(instagramTemplate);
instagramFilter.setTokenServices(
new UserInfoTokenServices(instagramResource().getUserInfoUri(), instagram().getClientId()));
filters.add(instagramFilter);
filter.setFilters(filters);
return filter;
}
@Bean
@ConfigurationProperties("instagram.client")
public AuthorizationCodeResourceDetails instagram() {
return new AuthorizationCodeResourceDetails();
}
@Bean
@ConfigurationProperties("instagram.resource")
public ResourceServerProperties instagramResource() {
return new ResourceServerProperties();
}
@Bean
public FilterRegistrationBean oauth2ClientFilterRegistration(
OAuth2ClientContextFilter filter) {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(filter);
registration.setOrder(-100);
return registration;
}
}
How can I change the response_type to &response_type=token
As I read the code, AuthorizationCodeAccessTokenProvider‘s
response_type is hard code.
private UserRedirectRequiredException getRedirectForAuthorization(AuthorizationCodeResourceDetails resource,
AccessTokenRequest request) {
// we don't have an authorization code yet. So first get that.
TreeMap<String, String> requestParameters = new TreeMap<String, String>();
requestParameters.put("response_type", "code"); // oauth2 spec, section 3
So, If you want to change the response_code, you can extend the AuthorizationCodeAccessTokenProvider
, or implements the AccessTokenProvider
, and then inject to the OAuth2RestTemplate
accessTokenProvider
(the default value is a AccessTokenProviderChain
that contains AuthorizationCodeAccessTokenProvider
, ResourceOwnerPasswordAccessTokenProvider
and so on, use your own provider instead of AuthorizationCodeAccessTokenProvider
).
Or you can change the redirectStrategy
in OAuth2ClientContextFilter
, and change the request param when redirect, but I don't recommend this.
How can I why isn't Spring adding the scopes?
AuthorizationCodeAccessTokenProvider
will get scopes from AuthorizationCodeResourceDetails
, and add them to UserRedirectRequiredException
. I think the scope can't be injected to AuthorizationCodeResourceDetails
, because the scope is not under the client. Maybe you need to change to this.
instagram:
client:
clientId: clientId
clientSecret: clientSeret
accessTokenUri: https://api.instagram.com/oauth/access_token
userAuthorizationUri: https://api.instagram.com/oauth/authorize
clientAuthenticationScheme: form
scope:
- basic
- public_content
这篇关于如何更改 Spring OAuth2 上的 response_type的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!