How to generate client-id & client-secret in spring-boot and store in database?
I know questions similar to this already exist on stackoverflow. When I went through them, they didn't solve the problem I'm looking for.

I have a spring-boot web service, Oaut2ClientManagement, in which I'm creating an API which will basically register a new client. When a new company is getting registered, the companyId (it is predefined in some company_details table; yes, the company is added in the list but not registered to access APIs) is sent, so based on that I have to generate a client-id & client-secret, which I'll store in the CLIENT_KEY_MANAGEMENT table. Based on this I write Java code to generate the accessToken.

So my question here is: how can I generate the client-id & client-secret based on the companyId I've received in the request? I've gone through this answer. But is there any pre-defined way in spring-boot oauth which can do this job? The next step is to generate an access token based on it.

I also went through the oAuth tutorial. But in it, the client-id & client-secret are stored in a properties file, not in a database/other source. Also, it seems like it's a single pair.

It will be great if someone can guide me to achieve the above scenario using spring-boot.
There is a JdbcClientDetailsService for this specific purpose.

You need to define the following table in your database:
    create table oauth_client_details (
        client_id VARCHAR(256) PRIMARY KEY,
        resource_ids VARCHAR(256),
        client_secret VARCHAR(256),
        scope VARCHAR(256),
        authorized_grant_types VARCHAR(256),
        web_server_redirect_uri VARCHAR(256),
        authorities VARCHAR(256),
        access_token_validity INTEGER,
        refresh_token_validity INTEGER,
        additional_information VARCHAR(4096),
        autoapprove VARCHAR(256)
    );
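and configure your OAuth2 authorization server as follows:

    import javax.sql.DataSource;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

    @Configuration
    @EnableAuthorizationServer
    public class OAuth2AuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
        @Autowired
        private DataSource dataSource;

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // Load client details from the oauth_client_details table
            clients.jdbc(dataSource);
        }
    }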
And finally you can inject the JdbcClientDetailsService bean in the location where you are registering a companyId.

    @Autowired
    JdbcClientDetailsService jdbcClientDetailsService;
    ...
    BaseClientDetails clientDetails = new BaseClientDetails(companyId, resourceIds, scopes, grantTypes, authorities);
    clientDetails.setClientSecret("generatedpassword");
    jdbcClientDetailsService.addClientDetails(clientDetails);
Finally you can log in using those client credentials.

UPDATE

If you want your passwords to be hashed you can set a PasswordEncoder as below.

    clients.jdbc(dataSource)
        .passwordEncoder(new BCryptPasswordEncoder());
BaseClientDetails is available in package org.springframework.security.oauth2.provider.client.

The client secret will not be generated by the service. You need to generate it and set it to BaseClientDetails.
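
One way to generate the secret that the answer above leaves to the caller, as an added example (not code from the original post): it draws the secret from SecureRandom and sets a BCryptPasswordEncoder on JdbcClientDetailsService so that only the hash is written to oauth_client_details. The class name ClientCredentialIssuer and the scope, grant type and authority values are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import javax.sql.DataSource;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;

/** Hypothetical helper (not from the answer): issues a client secret for a registered company. */
public class ClientCredentialIssuer {
    // Cryptographically secure generator; java.util.Random is predictable and unsuitable here.
    private static final SecureRandom RANDOM = new SecureRandom();
    private final JdbcClientDetailsService clients;

    public ClientCredentialIssuer(DataSource dataSource) {
        this.clients = new JdbcClientDetailsService(dataSource);
        // addClientDetails() passes the secret through this encoder before the INSERT,
        // so the plaintext never reaches the database.
        this.clients.setPasswordEncoder(new BCryptPasswordEncoder());
    }

    /**
     * Registers companyId as the client_id (as in the answer) and returns the
     * plaintext secret. This return value is the only place the plaintext exists,
     * so hand it to the client once and do not log or persist it.
     */
    public String issue(String companyId) {
        byte[] raw = new byte[32];            // 256 bits of entropy
        RANDOM.nextBytes(raw);
        // URL-safe Base64 without padding: 43 characters, below bcrypt's 72-byte input limit.
        String secret = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);

        // Assumed values: scope "read", grant type "client_credentials", authority "ROLE_CLIENT".
        BaseClientDetails details = new BaseClientDetails(
                companyId, null, "read", "client_credentials", "ROLE_CLIENT");
        details.setClientSecret(secret);
        // Throws ClientAlreadyExistsException if this companyId is already registered.
        clients.addClientDetails(details);
        return secret;
    }
}
```

The authorization server has to use the same encoder, as in the UPDATE above, or the stored hash will not match at login.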