spring security oauth2 client_credentials flow only
I'm trying to use spring boot to create an oauth2 authorization that only supports the client credentials flow. As I understand that flow, the client accesses the /oauth/token endpoint directly. Is there a way to disable the /oauth/authorize endpoint in spring boot and allow direct access to /oauth/token without having to be fully authorized first?
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

    @Configuration
    @EnableAuthorizationServer
    public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        // Endpoint wiring for /oauth/token and /oauth/authorize
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            // TODO: Is there something I can do here to disable /oauth/authorize?
            endpoints.authenticationManager(authenticationManager);
        }

        // Registered clients (client_id, client_secret, allowed grant types)
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // client details configuration
        }
    }
I can't speak to disabling the authorize endpoint, but you're right that you can go directly to the token endpoint with the client credentials flow. I'm probably restating something you already know, but the credentials for a "client" (client_id/client_secret) are different from the credentials of a "user" (username/password). A "user" goes to the authorize endpoint so that the client can then get tokens from the token endpoint. A "client" (in the client credentials flow) provides the client credentials to the token endpoint directly. Do you need to disable the authorize endpoint?
So, for the client_credentials flow, you don't need to go to authorize first (you don't need to disable it). Here's how you'd curl your token if your spring-boot authorization server was on localhost:8080:

    curl -H "Authorization: Basic d2VhcHA6" -X POST "http://localhost:8080/oauth/token?grant_type=client_credentials"

where d2VhcHA6 is the base64 encoding of your "client_id:client_secret"
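The request in the answer above, worked through as an added shell example (not part of the original question or answer, and not Spring's own code). It builds the Basic value from a client_id and client_secret, decodes one back so you can check what you are about to send, and wraps the token request in a function. The names basic_auth_value, decode_basic_auth, client_id_of, client_secret_of, fetch_token and the AUTH_SERVER variable are this example's own. One thing worth checking before copying the answer's header into a real client: d2VhcHA6 decodes to "weapp:", i.e. a client_id of weapp with an empty client_secret.

```shell
#!/bin/sh
# Helpers for an OAuth2 client_credentials token request against /oauth/token.
# All function names here are this example's own, not Spring Security OAuth2 API.

# base64("client_id:client_secret") with the trailing newline and any
# line wrapping removed, so it can be dropped straight into a header.
basic_auth_value() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a Basic value back to "client_id:client_secret".
decode_basic_auth() {
    printf '%s' "$1" | base64 -d
}

# client_id is the text before the first colon.
client_id_of() {
    decode_basic_auth "$1" | cut -d: -f1
}

# client_secret is everything after the first colon (empty if there is none).
client_secret_of() {
    decode_basic_auth "$1" | cut -d: -f2-
}

# POST to /oauth/token. -u lets curl build the Basic header itself, and
# grant_type goes in the form body rather than the query string so it does
# not end up in access logs next to the URL. AUTH_SERVER (an assumed
# variable) defaults to the localhost address used in the answer.
fetch_token() {
    client_id=$1
    client_secret=$2
    server=${AUTH_SERVER:-http://localhost:8080}
    curl -sS -u "$client_id:$client_secret" \
        -X POST "$server/oauth/token" \
        -d grant_type=client_credentials
}

# Inspect the value from the answer: prints "weapp" and an empty secret.
echo "client_id:     $(client_id_of d2VhcHA6)"
echo "client_secret: '$(client_secret_of d2VhcHA6)'"

# Build a header for a client with a real secret (constructed sample values).
echo "Authorization: Basic $(basic_auth_value my-client s3cret)"

# Uncomment to actually request a token once the server is up:
# fetch_token my-client s3cret
```

The fetch_token call is left commented out because it needs a running authorization server; the rest runs offline. Run it once with the answer's value to confirm that an empty secret is really what you intend to register for that client.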
Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to republish, please credit this site or the original source. For any questions contact: yoyou2525@163.com.