如何更改 Spring OAuth2 上的 response_type [英] How to change response_type on Spring OAuth2
问题描述
这是我使用 Instagram 进行 OAuth2 登录的配置
instagram:客户:客户 ID:客户 ID客户秘密:clientSeretaccessTokenUri:https://api.instagram.com/oauth/access_tokenuserAuthorizationUri:https://api.instagram.com/oauth/authorizeclientAuthenticationScheme:表单范围:- 基本- 公共内容资源:userInfoUri:https://api.instagram.com/v1/users/self/分隔符:+这是Spring提出的请求:
如何将 response_type 更改为 &response_type=token 以及为什么 Spring 不添加范围?
这是应用程序类:
@SpringBootApplication@EnableOAuth2Client公共类 App 扩展了 WebSecurityConfigurerAdapter {@自动连线OAuth2ClientContext oauth2ClientContext;public static void main(String[] args) 抛出异常 {SpringApplication.run(App.class, args);}@覆盖protected void configure(HttpSecurity http) 抛出异常 {http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest().authenticated().and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))//退出.and().logout().logoutSuccessUrl("/").permitAll()//CSRF.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())//过滤器.and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);}私人过滤器 ssoFilter() {CompositeFilter filter = new CompositeFilter();列表<过滤器>过滤器 = 新的 ArrayList<>();//脸书...//谷歌...//InstagramOAuth2ClientAuthenticationProcessingFilter instagramFilter =new OAuth2ClientAuthenticationProcessingFilter("/login/instagram");OAuth2RestTemplate instagramTemplate =新 OAuth2RestTemplate(instagram(), oauth2ClientContext);instagramFilter.setRestTemplate(instagramTemplate);instagramFilter.setTokenServices(new UserInfoTokenServices(instagramResource().getUserInfoUri(), instagram().getClientId()));过滤器.添加(instagramFilter);filter.setFilters(过滤器);回油过滤器;}@豆@ConfigurationProperties("instagram.client")公共 AuthorizationCodeResourceDetails instagram() {返回新的 AuthorizationCodeResourceDetails();}@豆@ConfigurationProperties("instagram.resource")公共资源服务器属性 instagramResource() {返回新的 ResourceServerProperties();}@豆public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter 过滤器){FilterRegistrationBean 注册 = new FilterRegistrationBean();注册.setFilter(过滤器);注册.setOrder(-100);退货登记;}}如何将 response_type 更改为 &response_type=token
当我阅读代码时,AuthorizationCodeAccessTokenProvider 的 response_type 是硬代码.
private UserRedirectRequiredException getRedirectForAuthorization(AuthorizationCodeResourceDetails 资源,AccessTokenRequest 请求) {//我们还没有授权码.所以首先得到那个.TreeMap<字符串,字符串>requestParameters = new TreeMap();requestParameters.put("response_type", "code");//oauth2 规范,第 3 节 所以,如果要改变response_code,可以扩展AuthorizationCodeAccessTokenProvider,或者实现AccessTokenProvider,然后注入OAuth2RestTemplate> accessTokenProvider(默认值为一个AccessTokenProviderChain,包含AuthorizationCodeAccessTokenProvider、ResourceOwnerPasswordAccessTokenProvider等,使用自己的Provider而不是 AuthorizationCodeAccessTokenProvider).
或者你可以改变OAuth2ClientContextFilter中的redirectStrategy,并在重定向时改变请求参数,但我不推荐这样做.
为什么 Spring 不添加范围?
AuthorizationCodeAccessTokenProvider 将从 AuthorizationCodeResourceDetails 获取范围,并将它们添加到 UserRedirectRequiredException.我认为范围不能注入AuthorizationCodeResourceDetails,因为范围不在客户端.也许你需要改成这样.
instagram:客户:客户 ID:客户 ID客户秘密:clientSeretaccessTokenUri:https://api.instagram.com/oauth/access_tokenuserAuthorizationUri:https://api.instagram.com/oauth/authorizeclientAuthenticationScheme:表单范围:- 基本- 公共内容This is my configuration for OAuth2 login with Instagram
instagram:
client:
clientId: clientId
clientSecret: clientSeret
accessTokenUri: https://api.instagram.com/oauth/access_token
userAuthorizationUri: https://api.instagram.com/oauth/authorize
clientAuthenticationScheme: form
scope:
- basic
- public_content
resource:
userInfoUri: https://api.instagram.com/v1/users/self/
delimiter: +
This is the request made by Spring:
How can I change the response_type to &response_type=token and how can I why isn't Spring adding the scopes?
Here is the App class:
@SpringBootApplication
@EnableOAuth2Client
public class App extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
public static void main(String[] args) throws Exception {
SpringApplication.run(App.class, args);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/login**", "/webjars/**")
.permitAll()
.anyRequest()
.authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
// logout
.and().logout().logoutSuccessUrl("/").permitAll()
// CSRF
.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
// filters
.and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
private Filter ssoFilter() {
CompositeFilter filter = new CompositeFilter();
List<Filter> filters = new ArrayList<>();
// facebook ...
// google ...
// instagram
OAuth2ClientAuthenticationProcessingFilter instagramFilter =
new OAuth2ClientAuthenticationProcessingFilter("/login/instagram");
OAuth2RestTemplate instagramTemplate =
new OAuth2RestTemplate(instagram(), oauth2ClientContext);
instagramFilter.setRestTemplate(instagramTemplate);
instagramFilter.setTokenServices(
new UserInfoTokenServices(instagramResource().getUserInfoUri(), instagram().getClientId()));
filters.add(instagramFilter);
filter.setFilters(filters);
return filter;
}
@Bean
@ConfigurationProperties("instagram.client")
public AuthorizationCodeResourceDetails instagram() {
return new AuthorizationCodeResourceDetails();
}
@Bean
@ConfigurationProperties("instagram.resource")
public ResourceServerProperties instagramResource() {
return new ResourceServerProperties();
}
@Bean
public FilterRegistrationBean oauth2ClientFilterRegistration(
OAuth2ClientContextFilter filter) {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(filter);
registration.setOrder(-100);
return registration;
}
}
How can I change the response_type to &response_type=token
As I read the code, AuthorizationCodeAccessTokenProvider‘s response_type is hard code.
private UserRedirectRequiredException getRedirectForAuthorization(AuthorizationCodeResourceDetails resource,
AccessTokenRequest request) {
// we don't have an authorization code yet. So first get that.
TreeMap<String, String> requestParameters = new TreeMap<String, String>();
requestParameters.put("response_type", "code"); // oauth2 spec, section 3
So, If you want to change the response_code, you can extend the AuthorizationCodeAccessTokenProvider, or implements the AccessTokenProvider, and then inject to the OAuth2RestTemplate accessTokenProvider(the default value is a AccessTokenProviderChain that contains AuthorizationCodeAccessTokenProvider, ResourceOwnerPasswordAccessTokenProvider and so on, use your own provider instead of AuthorizationCodeAccessTokenProvider).
Or you can change the redirectStrategy in OAuth2ClientContextFilter, and change the request param when redirect, but I don't recommend this.
How can I why isn't Spring adding the scopes?
AuthorizationCodeAccessTokenProvider will get scopes from AuthorizationCodeResourceDetails, and add them to UserRedirectRequiredException. I think the scope can't be injected to AuthorizationCodeResourceDetails, because the scope is not under the client. Maybe you need to change to this.
instagram:
client:
clientId: clientId
clientSecret: clientSeret
accessTokenUri: https://api.instagram.com/oauth/access_token
userAuthorizationUri: https://api.instagram.com/oauth/authorize
clientAuthenticationScheme: form
scope:
- basic
- public_content
这篇关于如何更改 Spring OAuth2 上的 response_type的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
