
Spring OAuth2 and query string parameters in redirect_uri

So we have a spring-boot based OAuth2 server. One of our applications relying on this server tries to initiate an auth request using the following URL:

https://oauth2server/oauth/authorize?response_type=code&grant_type=authorization_code&client_id=myClient&redirect_uri=http%3A%2F%2Fapplicationserver%2Flogin%3Fparameter%3Dvalue

The user enters credentials, approves the app, and is redirected back to the application-server via the redirect_uri with a code:

http://applicationserver/login?parameter=value&code=tokenCode

When the application-server then calls the OAuth2 resource API (oauth/token) it gets RedirectMismatchException("Redirect URI mismatch.") because the approved redirect doesn't contain the query string parameters, rather only http://applicationserver/login

How can we set a certain URL prefix to be an approved redirect URI while ignoring query string parameters? Or are we doing something inherently wrong?

Thanks!!

If I understand it correctly, your intention is to send data with the initial authorize request which should be returned when redirecting back to the application.

A library I am using currently provides the feature that an additional state can be stored together with the nonce in the state parameter like:

state = nonce + nonceStateSeparator + customState;

The state parameter is described as:

An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter SHOULD be used for preventing cross-site request forgery as described in Section 10.12.
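The state-packing approach the answer describes, as an added example that is neither the answerer's library nor Spring's own code: the nonce is kept in the client's server-side session, the custom data rides in the state parameter, and redirect_uri is sent exactly as registered so the authorization server's exact-match check on it still holds. NONCE_STATE_SEPARATOR, build_state, parse_state, handle_callback and the plain dict standing in for the session are assumptions made for this example.

```python
import base64
import hmac
import json
import secrets
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed names for this example; not the library's actual API.
NONCE_STATE_SEPARATOR = "."
# Sent exactly as registered: no per-request query string in redirect_uri.
REGISTERED_REDIRECT_URI = "http://applicationserver/login"


def build_state(nonce: str, custom_state: dict) -> str:
    # URL-safe base64 (alphabet A-Z a-z 0-9 - _) never contains the "."
    # separator, so the split on the way back is unambiguous.
    raw = json.dumps(custom_state, separators=(",", ":")).encode()
    payload = base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return nonce + NONCE_STATE_SEPARATOR + payload


def parse_state(state: str, expected_nonce: str) -> Optional[dict]:
    nonce, sep, payload = state.partition(NONCE_STATE_SEPARATOR)
    # Constant-time comparison of the CSRF nonce; reject anything that
    # does not carry the nonce this session issued.
    if not sep or not hmac.compare_digest(nonce, expected_nonce):
        return None
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def build_authorize_url(session: dict, custom_state: dict) -> str:
    nonce = secrets.token_urlsafe(16)
    session["oauth_nonce"] = nonce  # bound to this user's session only
    params = {
        "response_type": "code",
        "client_id": "myClient",
        "redirect_uri": REGISTERED_REDIRECT_URI,
        "state": build_state(nonce, custom_state),
    }
    return "https://oauth2server/oauth/authorize?" + urlencode(params)


def handle_callback(session: dict, callback_url: str) -> Optional[Tuple[str, dict]]:
    qs = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_nonce", None)  # single use: no replay
    if expected is None or "state" not in qs or "code" not in qs:
        return None
    custom = parse_state(qs["state"][0], expected)
    return None if custom is None else (qs["code"][0], custom)
```

On success the client exchanges the returned code at oauth/token with the same registered redirect_uri, and the recovered custom state (here the original parameter=value) is used locally instead of being appended to the redirect.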
