Spring OAuth2 中的/check_token 和 user-info-uri 端点有什么区别? [英] What is the difference between /check_token and user-info-uri endpoints in Spring OAuth2?

问题描述

Spring 公开 /check_token 端点；请参阅此链接

Spring exposes /check_token endpoint; see this link

对于/check_token，我们需要配置RemoteTokenServices 并提取令牌.然而，我们也可以配置 UserInfoTokenServices 来做同样的事情.

For /check_token we need to configure RemoteTokenServices and it extracts the token. However, we can also configure UserInfoTokenServices that essentially does the same thing.

我能说的唯一区别是第一个是根据 OAuth 2.0 扩展:令牌自省端点，但是，根据 OAuth 2 扩展，该端点不会返回节点活动"，这是强制性的.请参阅此链接

The only difference I can tell is the first one is according to OAuth 2.0 extension: Token Introspection Endpoint, however, this endpoint doesn't return node 'active' according to OAuth 2 Extension which is mandatory. See this link

除此之外，我们拥有这些端点是否还有其他功能原因?

But that aside, is there any other functional reason that we have these endpoints?

推荐答案

我也有同样的问题，但我做了一些研究工作并得到了我的答案，希望我的回答可以帮助你.如果我有任何错误，请纠正我.

I also had the same question but I made some research work and got my answer,I hope my answer can help you.If I made any mistake,please correct me.

spring security oauth2 和 cloud-oauth2 有两个端点.

There are two endpoints in spring security oauth2 and cloud-oauth2.

check_token:在 OAuth 2.0 扩展令牌自省中定义.它的方法是 post，通过 HttpBasic 身份验证进行保护.它返回基本信息.
它是一个授权服务器端点.

check_token: defined in OAuth 2.0 extension Token Introspection. Its method is post,secured by HttpBasic authentication. It return the basic information.
It is a authorization server endpoint.

user_info_uri:在 openid-connect 中定义.它返回个人资料信息(例如电子邮件地址和生日).主要用于 SSO 登录.它可以是 post 或 get 方法.
它是一个资源服务器端点.
您可以查看下面的文档进行确认.
OpenIDConnect

user_info_uri: defined in openid-connect. It returns the profile information(for example email address and birthday).It is mainly used in SSO login.It can be post or get method.
It is a resource server endpoint.
You can check the doc below to confirm.
OpenIDConnect

让我从下面引用一些句子来总结这里
https://github.com/spring-projects/spring-security/issues/6342

Let me quote some sentences to conclude here from below
https://github.com/spring-projects/spring-security/issues/6342

/introspect 端点和/userinfo 端点非常不同，它们与提供程序在不同的场景中使用.

The /introspect endpoint and /userinfo endpoint are very different and are used in different scenarios with the provider.

/introspect 端点接受一个不透明的(通常)访问令牌并返回一组与访问令牌关联的声明.

The /introspect endpoint accepts an opaque (typically) access token and returns a set of claims associated to the access token.

/userinfo 端点接受访问令牌并返回一组与当前经过身份验证的用户关联的声明.

The /userinfo endpoint accepts an access token and returns a set of claims associated to the currently authenticated user.

这篇关于Spring OAuth2 中的/check_token 和 user-info-uri 端点有什么区别?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！