gpt4 book ai didi

spring - 如何在 Spring OAuth2 上更改 response_type

转载 作者:行者123 更新时间:2023-12-02 04:37:12 26 4
gpt4 key购买 nike

这是我使用 OAuth2 登录 Instagram 的配置

instagram:
client:
clientId: clientId
clientSecret: clientSeret
accessTokenUri: https://api.instagram.com/oauth/access_token
userAuthorizationUri: https://api.instagram.com/oauth/authorize
clientAuthenticationScheme: form
scope:
- basic
- public_content
resource:
userInfoUri: https://api.instagram.com/v1/users/self/
delimiter: +

这是Spring发出的请求:

https://api.instagram.com/oauth/authorize?client_id=clientId&redirect_uri=http://localhost:8080/login/instagram&response_type=code&state=CG6mMQ

如何将 response_type 更改为 &response_type=token 以及为什么 Spring 不添加作用域?

这是 App 类:

@SpringBootApplication
@EnableOAuth2Client
public class App extends WebSecurityConfigurerAdapter {

@Autowired
OAuth2ClientContext oauth2ClientContext;

public static void main(String[] args) throws Exception {
SpringApplication.run(App.class, args);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/login**", "/webjars/**")
.permitAll()
.anyRequest()
.authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
// logout
.and().logout().logoutSuccessUrl("/").permitAll()
// CSRF
.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
// filters
.and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}

private Filter ssoFilter() {
CompositeFilter filter = new CompositeFilter();
List<Filter> filters = new ArrayList<>();

// facebook ...
// google ...

// instagram
OAuth2ClientAuthenticationProcessingFilter instagramFilter =
new OAuth2ClientAuthenticationProcessingFilter("/login/instagram");
OAuth2RestTemplate instagramTemplate =
new OAuth2RestTemplate(instagram(), oauth2ClientContext);
instagramFilter.setRestTemplate(instagramTemplate);
instagramFilter.setTokenServices(
new UserInfoTokenServices(instagramResource().getUserInfoUri(), instagram().getClientId()));
filters.add(instagramFilter);

filter.setFilters(filters);
return filter;
}

@Bean
@ConfigurationProperties("instagram.client")
public AuthorizationCodeResourceDetails instagram() {
return new AuthorizationCodeResourceDetails();
}

@Bean
@ConfigurationProperties("instagram.resource")
public ResourceServerProperties instagramResource() {
return new ResourceServerProperties();
}

@Bean
public FilterRegistrationBean oauth2ClientFilterRegistration(
OAuth2ClientContextFilter filter) {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(filter);
registration.setOrder(-100);
return registration;
}
}

最佳答案

How can I change the response_type to &response_type=token

当我阅读代码时,AuthorizationCodeAccessTokenProvider 的 response_type 是硬代码。

private UserRedirectRequiredException getRedirectForAuthorization(AuthorizationCodeResourceDetails resource,
AccessTokenRequest request) {

// we don't have an authorization code yet. So first get that.
TreeMap<String, String> requestParameters = new TreeMap<String, String>();
requestParameters.put("response_type", "code"); // oauth2 spec, section 3

所以,如果你想改变response_code,你可以扩展AuthorizationCodeAccessTokenProvider,或者实现AccessTokenProvider,然后注入(inject)到OAuth2RestTemplate accessTokenProvider(默认值是一个包含AuthorizationCodeAccessTokenProviderResourceOwnerPasswordAccessTokenProvider等的AccessTokenProviderChain,使用你自己的provider而不是 AuthorizationCodeAccessTokenProvider)。

或者你可以改变OAuth2ClientContextFilter中的redirectStrategy,改变重定向时的请求参数,但我不推荐这样做。

How can I why isn't Spring adding the scopes?

AuthorizationCodeAccessTokenProvider 将从 AuthorizationCodeResourceDetails 获取范围,并将它们添加到 UserRedirectRequiredException。我认为作用域不能注入(inject)AuthorizationCodeResourceDetails,因为作用域不在客户端之下。也许你需要改成这个。

instagram:
client:
clientId: clientId
clientSecret: clientSeret
accessTokenUri: https://api.instagram.com/oauth/access_token
userAuthorizationUri: https://api.instagram.com/oauth/authorize
clientAuthenticationScheme: form
scope:
- basic
- public_content

关于spring - 如何在 Spring OAuth2 上更改 response_type,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41208178/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com