
Access Token Response: tokenType cannot be null

I am upgrading my service and implementing WebClient using OAuth2, and I am getting the exception "tokenType cannot be null". Could you please help me resolve that?

exception: org.springframework.security.oauth2.core.OAuth2AuthorizationException: [invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: Error while extracting response for type [class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] and content type [application/json]; nested exception is org.springframework.http.converter.HttpMessageNotReadableException: An error occurred reading the OAuth 2.0 Access Token Response: tokenType cannot be null; nested exception is java.lang.IllegalArgumentException: tokenType cannot be null

Please have a look at https://github.com/spring-projects/spring-security/issues/5983#issuecomment-430620308

This is a well-known problem because of the spec that requires a token type (BEARER in our case) to be present in the response to the client when hitting the token access URI; Spring Security OAuth doesn't apply a default in case this tokentype parameter is absent. You have a workaround in the link above.

The OAuth spec states: https://tools.ietf.org/html/rfc6749#section-5.1

5.1. Successful Response

The authorization server issues an access token and optional refresh token, and constructs the response by adding the following parameters to the entity-body of the HTTP response with a 200 (OK) status code:

access_token REQUIRED. The access token issued by the authorization server.

token_type REQUIRED. The type of the token issued as described in Section 7.1. Value is case insensitive.

expires_in RECOMMENDED. The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value.
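A tolerant token-response converter for this situation, as an added example (not code from the answers above or from the linked issue; it assumes Spring Security 5.6+, Java 11+ and the client-credentials grant). It treats a response that omits token_type as Bearer, the case on this page, while still rejecting a missing access_token or an explicit non-Bearer type:

```java
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.converter.FormHttpMessageConverter;
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
import org.springframework.web.client.RestTemplate;

// Added example, not the workaround from the linked issue; assumes Spring Security 5.6+ (setAccessTokenResponseConverter).
public class LenientTokenResponseConverter
        implements Converter<Map<String, Object>, OAuth2AccessTokenResponse> {
    @Override
    public OAuth2AccessTokenResponse convert(Map<String, Object> p) {
        String accessToken = (String) p.get(OAuth2ParameterNames.ACCESS_TOKEN);
        if (accessToken == null || accessToken.isEmpty()) {
            throw new IllegalArgumentException("access_token missing from token response");
        }
        // RFC 6749 5.1 makes token_type REQUIRED; an omitted value is assumed to mean Bearer, any other explicit type is rejected.
        Object type = p.get(OAuth2ParameterNames.TOKEN_TYPE);
        if (type != null && !"bearer".equalsIgnoreCase(type.toString())) {
            throw new IllegalArgumentException("unsupported token_type: " + type);
        }
        Object expires = p.get(OAuth2ParameterNames.EXPIRES_IN); // JSON number, e.g. 1800
        long expiresIn = expires == null ? 0L : Long.parseLong(expires.toString());
        Object scope = p.get(OAuth2ParameterNames.SCOPE); // space-delimited, e.g. "read"
        Set<String> scopes = scope == null ? Set.of() : Arrays.stream(scope.toString().split(" ")).collect(Collectors.toSet());
        return OAuth2AccessTokenResponse.withToken(accessToken)
                .tokenType(OAuth2AccessToken.TokenType.BEARER)
                .expiresIn(expiresIn)
                .scopes(scopes)
                .build();
    }

    // Installs the converter in the RestTemplate used by the client-credentials token response client.
    public static OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> tokenResponseClient() {
        OAuth2AccessTokenResponseHttpMessageConverter msgConverter = new OAuth2AccessTokenResponseHttpMessageConverter();
        msgConverter.setAccessTokenResponseConverter(new LenientTokenResponseConverter());
        RestTemplate rest = new RestTemplate(Arrays.asList(new FormHttpMessageConverter(), msgConverter));
        rest.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
        DefaultClientCredentialsTokenResponseClient client = new DefaultClientCredentialsTokenResponseClient();
        client.setRestOperations(rest);
        return client;
    }
}
```

Hand the returned client to OAuth2AuthorizedClientProviderBuilder.builder().clientCredentials(c -> c.accessTokenResponseClient(LenientTokenResponseConverter.tokenResponseClient())) so the provider uses it. Fixing the authorization server to send token_type, as the asker eventually did, is the cleaner fix and removes the need for this leniency.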

Eventually figured out the issue: the client was missing one of the fields in the token JSON response, which was tokenType. Actually tokenType also should be included in the token response; in my case tokenType was bearer.

{ "access_token": "************", "token_type": "Bearer", "expires_in": 1800, "scope": "read" }
