- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
这是我使用 OAuth2 登录 Instagram 的配置
instagram:
client:
clientId: clientId
clientSecret: clientSeret
accessTokenUri: https://api.instagram.com/oauth/access_token
userAuthorizationUri: https://api.instagram.com/oauth/authorize
clientAuthenticationScheme: form
scope:
- basic
- public_content
resource:
userInfoUri: https://api.instagram.com/v1/users/self/
delimiter: +
这是Spring发出的请求:
如何将 response_type
更改为 &response_type=token
以及为什么 Spring 不添加作用域?
这是 App 类:
@SpringBootApplication
@EnableOAuth2Client
public class App extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
public static void main(String[] args) throws Exception {
SpringApplication.run(App.class, args);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/login**", "/webjars/**")
.permitAll()
.anyRequest()
.authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
// logout
.and().logout().logoutSuccessUrl("/").permitAll()
// CSRF
.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
// filters
.and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
private Filter ssoFilter() {
CompositeFilter filter = new CompositeFilter();
List<Filter> filters = new ArrayList<>();
// facebook ...
// google ...
// instagram
OAuth2ClientAuthenticationProcessingFilter instagramFilter =
new OAuth2ClientAuthenticationProcessingFilter("/login/instagram");
OAuth2RestTemplate instagramTemplate =
new OAuth2RestTemplate(instagram(), oauth2ClientContext);
instagramFilter.setRestTemplate(instagramTemplate);
instagramFilter.setTokenServices(
new UserInfoTokenServices(instagramResource().getUserInfoUri(), instagram().getClientId()));
filters.add(instagramFilter);
filter.setFilters(filters);
return filter;
}
@Bean
@ConfigurationProperties("instagram.client")
public AuthorizationCodeResourceDetails instagram() {
return new AuthorizationCodeResourceDetails();
}
@Bean
@ConfigurationProperties("instagram.resource")
public ResourceServerProperties instagramResource() {
return new ResourceServerProperties();
}
@Bean
public FilterRegistrationBean oauth2ClientFilterRegistration(
OAuth2ClientContextFilter filter) {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(filter);
registration.setOrder(-100);
return registration;
}
}
最佳答案
How can I change the response_type to &response_type=token
当我阅读代码时,AuthorizationCodeAccessTokenProvider 的
response_type 是硬代码。
private UserRedirectRequiredException getRedirectForAuthorization(AuthorizationCodeResourceDetails resource,
AccessTokenRequest request) {
// we don't have an authorization code yet. So first get that.
TreeMap<String, String> requestParameters = new TreeMap<String, String>();
requestParameters.put("response_type", "code"); // oauth2 spec, section 3
所以,如果你想改变response_code,你可以扩展AuthorizationCodeAccessTokenProvider
,或者实现AccessTokenProvider
,然后注入(inject)到OAuth2RestTemplate
accessTokenProvider
(默认值是一个包含AuthorizationCodeAccessTokenProvider
、ResourceOwnerPasswordAccessTokenProvider
等的AccessTokenProviderChain
,使用你自己的provider而不是 AuthorizationCodeAccessTokenProvider
)。
或者你可以改变OAuth2ClientContextFilter
中的redirectStrategy
,改变重定向时的请求参数,但我不推荐这样做。
How can I why isn't Spring adding the scopes?
AuthorizationCodeAccessTokenProvider
将从 AuthorizationCodeResourceDetails
获取范围,并将它们添加到 UserRedirectRequiredException
。我认为作用域不能注入(inject)AuthorizationCodeResourceDetails
,因为作用域不在客户端之下。也许你需要改成这个。
instagram:
client:
clientId: clientId
clientSecret: clientSeret
accessTokenUri: https://api.instagram.com/oauth/access_token
userAuthorizationUri: https://api.instagram.com/oauth/authorize
clientAuthenticationScheme: form
scope:
- basic
- public_content
关于spring - 如何在 Spring OAuth2 上更改 response_type,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41208178/
我是一名优秀的程序员,十分优秀!