[英]Spring security OAuth2 - verify access token
I was wondering what the best way of verifying the access token is using spring security? 我想知道验证访问令牌的最佳方法是使用Spring Security吗? The sparklr2 and tonr2 example end up using the session cookie to do the verification...so didn't have much to go off there.
sparklr2和tonr2示例最终使用会话cookie进行验证...因此没有太多事情要做。
You could expose another endpoint at the auth server to do that for you. 您可以在身份验证服务器上公开另一个端点来为您执行此操作。
If you'd like to use Spring only, it currently only supports sharing of the same DB between authorization server and resource server (see OAuth2ProtectedResourceFilter). 如果您只想使用Spring,则它目前仅支持在授权服务器和资源服务器之间共享同一数据库(请参阅OAuth2ProtectedResourceFilter)。
In any case, the spec doesn't mandate any one way. 无论如何,规范并没有规定任何一种方式。 The way you choose would be on your preference or on your situation.
您选择的方式将取决于您的偏好或情况。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.