如何从 OAuth2 客户端应用程序中的授权服务器获取作为访问令牌响应一部分的附加信息
[英]How to get additional information which is part of access token response from authorization server in OAuth2 client app
问题描述
Access token response
访问令牌响应
{
"access_token": "fd515395-ab03-4cc5-9ba4-03c42bdfdf189b73",
"token_type": "bearer",
"refresh_token": "176ee948-ebdc-4d51-9768-08aa1dfdd081442",
"expires_in": 10799,
"scope": "user_info",
"instance_url": "https://xxxx.xxx.com/xx-xxx-service"
}
I've tried as below but no luck我试过如下但没有运气
@RequestMapping("/securedPage")
public String securedPage( Model model, OAuth2AuthenticationToken authToken ) {
OAuth2AuthorizedClient client = clientService.loadAuthorizedClient( authToken.getAuthorizedClientRegistrationId(), authToken.getName() );
OAuth2AccessToken accessToken = client.getAccessToken();
System.out.println( accessToken.getTokenValue() );
System.out.println( accessToken.getExpiresAt() );
System.out.println( client.getPrincipalName() );
System.out.println( client.getRefreshToken().getTokenValue() );
// Get "instance_url" here
return "securedPage.html";
}
1 个解决方案
解决方案1
0 2019-12-19 08:33:25
I see 3 possible ways to get the result:我看到了 3 种可能的方法来获得结果:
Using injecting
Principalobject.使用注入Principal对象。 For Spring OAuth2 it's implemented with classOAuth2Authentication.对于 Spring OAuth2,它是用OAuth2Authentication类OAuth2Authentication。 You can find most of the information in this object - indetails,userAuthentication,storedRequest.您可以在此对象中找到大部分信息 - details,userAuthentication,storedRequest。 Inspect it and you will see what you need.检查它,你会看到你需要什么。Get directly all required parameters with authentication request:
通过身份验证请求直接获取所有必需的参数:
Service method:服务方式:
var resourceDetails = ((OAuth2RestTemplate) restTemplate).getResource();
var headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.setBasicAuth(resourceDetails.getClientId(), resourceDetails.getClientSecret());
var form = new LinkedMultiValueMap<String, String>();
form.add("grant_type", "password");
form.add("username", "<username>");
form.add("password", "<password>");
var request = new HttpEntity<>(form, headers);
var response = restTemplate.postForObject(resourceDetails.getAccessTokenUri(), request, LinkedHashMap.class);
The object response contains all parameters like in your access token response.对象response包含访问令牌响应中的所有参数。
One thing - you need to use a specific restTemplate like next:一件事 - 您需要使用特定的restTemplate如下所示:
var resourceDetails = new ClientCredentialsResourceDetails();
resourceDetails.setClientId("<clientId>");
resourceDetails.setClientSecret("<clientSecret>");
resourceDetails.setAccessTokenUri("<accessTokenUri>");
resourceDetails.setScope("<scopes>");
resourceDetails.setAuthenticationScheme(AuthenticationScheme.header);
resourceDetails.setGrantType("client_credentials");
var restTemplate = new OAuth2RestTemplate(resourceDetails, new DefaultOAuth2ClientContext());
var requestFactory = new HttpComponentsClientHttpRequestFactory();
requestFactory.setConnectTimeout(10000);
requestFactory.setConnectionRequestTimeout(10000);
requestFactory.setReadTimeout(10000);
restTemplate.setRequestFactory(requestFactory);
var tokenProvider = new ClientCredentialsAccessTokenProvider();
tokenProvider.setRequestFactory(requestFactory);
restTemplate.setAccessTokenProvider(new AccessTokenProviderChain(Arrays.<AccessTokenProvider>asList(
new AuthorizationCodeAccessTokenProvider(), new ImplicitAccessTokenProvider(),
new ResourceOwnerPasswordAccessTokenProvider(), tokenProvider)));
- Generate an object on the Authorization Server and to respond it with a similar restTemplate to the Client.在授权服务器上生成一个对象,并用类似的 restTemplate 向客户端响应它。 This is an undesirable approach but it can be implemented also.这是一种不受欢迎的方法,但也可以实施。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.