如何为 OAuth 2.0 设置密码授予凭证?
[英]How to set password grant credentials for OAuth 2.0?
问题描述
I am trying to set a Spring WebClient instance to use OAuth 2.0 authentication with the password grant type, but I am not sure about how to properly set the username and the password.
我正在尝试设置 Spring WebClient 实例以使用 OAuth 2.0 身份验证和密码授予类型,但我不确定如何正确设置用户名和密码。
In my application, the relevant parameters are received in the form of a Map<String, String> and not loaded from any application.yaml file.在我的应用程序中,相关参数以Map<String, String>的形式接收,而不是从任何application.yaml文件加载。 For this reason, I'm trying to do it programatically (ie, without the use of beans) - my approach might be wrong to begin with.出于这个原因,我试图以编程方式进行(即,不使用 bean)——我的方法一开始可能是错误的。
This is my non-working solution:这是我的非工作解决方案:
{
OAuth20Info oAuth20Info = (OAuth20Info) parameters.getAuthenticationInfo();
ClientRegistration registration = ClientRegistrations.fromOidcIssuerLocation(oAuth20Info.getHost() + ":" + oAuth20Info.getPort()) // host, port
.clientId(oAuth20Info.getClientId()) // clientId
.tokenUri(oAuth20Info.getTokenUrlPath()) // tokenUrlPath
.authorizationGrantType(AuthorizationGrantType.PASSWORD) // grantType
// TODO: How to set: username, password?
.build();
ReactiveClientRegistrationRepository clientRegistrations = new InMemoryReactiveClientRegistrationRepository(registration);
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
new ServerOAuth2AuthorizedClientExchangeFilterFunction(
clientRegistrations,
new UnAuthenticatedServerOAuth2AuthorizedClientRepository());
return WebClient.builder().filter(oauth).build();
}
Hence, I don't know where I need to set the username and password.因此,我不知道我需要在哪里设置用户名和密码。 According to this : "The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely", so I am not sure if it is even supported.据此:“最新的 OAuth 2.0 安全最佳当前实践完全不允许密码授予”,所以我不确定它是否受支持。
I would expect to be able to set the username and password within the builder for the ClientRegistration instance, but it is not possible.我希望能够在构建器中为ClientRegistration实例设置用户名和密码,但这是不可能的。
So how could I set the username and password values in order to access some protected resource with password grant type credentials?那么如何设置用户名和密码值以便使用密码授予类型凭据访问某些受保护的资源呢? Thanks in advance.提前致谢。
Relevant part of my dependencies:我的依赖项的相关部分:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webflux</artifactId>
<version>5.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>io.projectreactor.netty</groupId>
<artifactId>reactor-netty</artifactId>
<version>0.9.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>5.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>5.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
<version>5.2.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.3.7.RELEASE</version>
</dependency>
<dependency>
1 个解决方案
解决方案1
-1 2020-04-06 17:19:06
You can try:你可以试试:
WebClient.builder()
.filter(ExchangeFilterFunctions
.basicAuthentication(configuration.getClientId(), configuration.getClientSecret()))
.build()
.post()
.uri(...)
...
You can use the ExchangeFilterFunctions class to add an authorization header to a request.您可以使用 ExchangeFilterFunctions class 将授权 header 添加到请求中。
Another way:另一种方式:
WebClient.builder()
.defaultHeaders(header -> header.setBasicAuth(userName, password))
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.