[英]Use SpringSecurity's OAuth2 functionality on demand on custom endpoint
We have a Spring Boot
web app which uses JWT based authentication/authorisation.我们有一个Spring Boot
web 应用程序,它使用基于 JWT 的身份验证/授权。 Now, we want to add OAuth2 support so that users can login using their Google account.现在,我们要添加 OAuth2 支持,以便用户可以使用他们的 Google 帐户登录。 That would be easy to do using Spring Security
.使用Spring Security
很容易做到这一点。
However, the requirement is a bit different.但是,要求有点不同。
If the user wants to use the Google login functionality, he first needs to link their Google account.如果用户想使用谷歌登录功能,他首先需要链接他们的谷歌账户。 Basically login into our application using his/her credentials, and on their profile page link their Google account.基本上使用他/她的凭据登录我们的应用程序,并在他们的个人资料页面上链接他们的 Google 帐户。
The flow would be something like the following:流程将类似于以下内容:
POST /users/{userId}/accounts
which will receive the token returned by Google之后,在经过身份验证的端点上向我们的后端发出请求,例如POST /users/{userId}/accounts
将接收 Google 返回的令牌My question is, for step 4 , what is the best practice for that?我的问题是,对于第 4 步,最佳做法是什么? How can I use all the stuff that Spring Security
is offering to achieve this?我如何使用Spring Security
提供的所有东西来实现这一目标?
Thank you in advance,先感谢您,
You have the authorization code and you exchange for access token all over https and all in backend.您拥有授权码,并在 https 和后端交换访问令牌。
There is no need to validate access token ( I don't think spring security even does this part for integration with google ) at your end.无需在您的最后验证访问令牌(我认为 spring 安全性甚至不会为与 google 集成做这部分)。
This should be done by google when you request its resource.当您请求其资源时,这应该由谷歌完成。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.