[英]GET /oauth/token with grant_type=authorization_code returns unauthorized
I am using spring boot oauth2 trying to set up an authorization code grant flow.我正在使用 spring boot oauth2 尝试设置授权代码授予流程。 The authorize endpoint works, generates a code and stores it in our postgres store.
授权端点工作,生成代码并将其存储在我们的 postgres 存储中。 However the second step to get a token from using the code does not work.
但是,使用代码获取令牌的第二步不起作用。
I've not modified anything with grant_types (like with TokenGranter
) that's still all as default in spring.我没有用 grant_types 修改任何东西(比如用
TokenGranter
),这在春天仍然是默认的。
I am not sending over a principle.. I believe the authorization_code takes over that?我不是在发送原则..我相信授权代码会接管吗?
I call something like:我称之为:
GET http://localhost:8088/<my_spring_app>/oauth/token?
grant_type=authorization_code&client_secret=<client_secret>
&redirect_uri=<redirect_to_flask_app>&code=Q6PNye
&scope=<three>+<scope>+<types>&client_id=<my_id>
I receive:我收到:
{
"timestamp": 1520635615344,
"status": 401,
"error": "Unauthorized",
"message": "Full authentication is required to access this resource",
"path": "/<my_spring_app>/oauth/token"
}
I'm still new to spring so I don't know where to start looking into the Spring code to find why it doesn't believe I'm authenticated.我对 spring 还是个新手,所以我不知道从哪里开始查看 Spring 代码以找出为什么它不相信我已通过身份验证。
Does anyone know where to even start looking?有谁知道从哪里开始寻找? Thanks!!
谢谢!!
You are not implementing OAuth2,您没有实施 OAuth2,
I can see in the response Location is again /<my_spring_app>/oauth/token
same server calling same server, its not OAuth2,我可以在响应中看到 Location 再次是
/<my_spring_app>/oauth/token
相同的服务器调用相同的服务器,它不是 OAuth2,
your server should have called another server OAuth2 implemented to authenticate your service,您的服务器应该调用另一个服务器 OAuth2 来验证您的服务,
so in response you must have received another service url to hit like example google.com/oauth2/authorize/code=something...
因此,作为回应,您必须收到另一个服务 url 以点击示例
google.com/oauth2/authorize/code=something...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.