堆栈内存溢出
  简体   繁体   English

Spring 引导 OAuth2 - 记住已授权

[英]Spring Boot OAuth2 - Remember given Authorization

 原文  2022-08-02 12:28:28       java/ spring/ spring-boot/ kotlin/ oauth

问题描述

i'm currently working on a OAuth2 Authorization Server using Spring Boot and the Spring Security OAuth2 Autoconfigure library.我目前正在使用 Spring Boot 和 Spring Security OAuth2 Autoconfigure 库开发 OAuth2 授权服务器。

Everything works so far except the fact that I need to authorize the client every time to access my protected resources.到目前为止一切正常,除了我每次都需要授权客户端访问我的受保护资源。 Is there any way to suppress the prompt or remember that i've already authorized the client?有什么方法可以抑制提示或记住我已经授权客户? Adding &prompt=none to the request params of my URL didn't work as expected.&prompt=none添加到我的 URL 的请求参数中没有按预期工作。

I already tried to add a custom AuthorizationRequestResolver and adding prompt=none to every request, but that didn't work also.我已经尝试添加自定义 AuthorizationRequestResolver 并向每个请求添加prompt=none ,但这也不起作用。

Thank you in advance.先感谢您。

1 个解决方案

解决方案1
 0  2022-08-04 03:37:50

Usually after you are authorized by the authorization server, as a result you get an access token.通常在您获得授权服务器授权后,您将获得一个访问令牌。 The resource server verifies against the access token to determine your client has the right to retrieve the requested resources.资源服务器根据访问令牌进行验证,以确定您的客户端有权检索请求的资源。

With this background, one possible case is that:在这种背景下,一种可能的情况是:

Your client doesn't store the access token.您的客户端不存储访问令牌。 So that everytime it hits the resource server, the resource server redirects the client to the authorization server to get the access token.这样每次访问资源服务器时,资源服务器都会将客户端重定向到授权服务器以获取访问令牌。

A solution of this is your client can store the access token.一个解决方案是您的客户端可以存储访问令牌。 For the subsequent requests to the resources server, the access token has to be provided in an expected way.对于对资源服务器的后续请求,必须以预期的方式提供访问令牌。 (like Aurthorization request header) (如授权请求标头)

You may also find storing a refresh token is useful.您可能还会发现存储刷新令牌很有用。 Since there is no much background about your client app, cannot give a concrete recommendation for you.由于您的客户端应用程序没有太多背景,因此无法为您提供具体建议。

If this is the case, you can log your outgoing request from the client to the resources server, you will see the access token missing in your request.如果是这种情况,您可以将来自客户端的传出请求记录到资源服务器,您将看到请求中缺少访问令牌。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 春季启动OAuth2-OAuth令牌不返回授权令牌 - Spring boot OAuth2 - OAuth Token does not return authorization token 使用 Spring 引导和 Spring 安全性的 OpenID (OAuth2) 授权失败 - OpenID (OAuth2) Authorization failing using Spring Boot and Spring Security Spring-boot oauth2拆分授权服务器和资源服务器 - Spring-boot oauth2 splitting authorization server and resource server 使用 Spring Boot 的 OAuth2 SSO 没有授权屏幕 - OAuth2 SSO with Spring Boot without the authorization screen Spring Boot Oauth2 授权服务器不接受有效令牌 - Spring Boot Oauth2 authorization server not accepting valid tokens Spring Boot Oauth2-授权与资源服务器之间的安全性不兼容 - Spring boot Oauth2 - Security incompatibility between Authorization and Resource server 将用户重定向到oauth2授权服务器以获取令牌Spring Boot - Redirecting user to oauth2 authorization server to get token Spring Boot 具有两步登录功能的Spring Boot OAuth2授权服务器 - Spring Boot OAuth2 Authorization Server with 2 step login 具有OAuth2授权的Spring WebClient - Spring WebClient with OAuth2 authorization Spring oauth2 授权提供者 - Spring oauth2 Authorization provider
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM