简体繁体 English

Spring Security OAuth2-验证访问令牌

[英]Spring security OAuth2 - verify access token

原文 2012-03-04 21:08:08 8 1 spring/ security/ oauth-2.0

I was wondering what the best way of verifying the access token is using spring security? 我想知道验证访问令牌的最佳方法是使用Spring Security吗？ The sparklr2 and tonr2 example end up using the session cookie to do the verification...so didn't have much to go off there. sparklr2和tonr2示例最终使用会话cookie进行验证...因此没有太多事情要做。

1 个解决方案

You could expose another endpoint at the auth server to do that for you. 您可以在身份验证服务器上公开另一个端点来为您执行此操作。

If you'd like to use Spring only, it currently only supports sharing of the same DB between authorization server and resource server (see OAuth2ProtectedResourceFilter). 如果您只想使用Spring，则它目前仅支持在授权服务器和资源服务器之间共享同一数据库（请参阅OAuth2ProtectedResourceFilter）。

In any case, the spec doesn't mandate any one way. 无论如何，规范并没有规定任何一种方式。 The way you choose would be on your preference or on your situation. 您选择的方式将取决于您的偏好或情况。

如何验证oAuth2 access_token是否被Spring安全性发布给它的同一客户端使用？ - How to verify that oAuth2 access_token is used by same client to whom it was issued in Spring security?

Spring Security OAuth2-如何禁用访问令牌到期？ - Spring security OAuth2 - how to disable access token expiry?

Spring Security OAuth2 何时检查访问令牌过期？ - When does Spring Security OAuth2 check access token expiration?

Spring Security：如何在请求标头中传递oauth2访问令牌 - Spring Security: How to pass oauth2 access token in request headers

Spring Security Oauth2：访问令牌无效/过期时的回退 - Spring Security Oauth2: Fallback when access token is invalid/expired

令牌URL因Spring Security OAuth2而失败 - Token URL fails with spring security oauth2

Spring 安全 OAuth2 令牌自省 - Spring security OAuth2 token introspection

Spring Security OAuth2 JWT 匿名令牌 - Spring Security OAuth2 JWT anonymous token

在Spring Security OAuth2中使用用户名密码授予中的刷新令牌请求新的访问令牌 - Request new access token using refresh token in username-password grant in Spring Security OAuth2

春季启动安全性，Oauth2用来自Facebook的长期令牌替换访问令牌 - Spring boot Security, Oauth2 replace access token with long-lived token from facebook

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何验证oAuth2 access_token是否被Spring安全性发布给它的同一客户端使用？ - How to verify that oAuth2 access_token is used by same client to whom it was issued in Spring security? Spring Security OAuth2-如何禁用访问令牌到期？ - Spring security OAuth2 - how to disable access token expiry? Spring Security OAuth2 何时检查访问令牌过期？ - When does Spring Security OAuth2 check access token expiration? Spring Security：如何在请求标头中传递oauth2访问令牌 - Spring Security: How to pass oauth2 access token in request headers Spring Security Oauth2：访问令牌无效/过期时的回退 - Spring Security Oauth2: Fallback when access token is invalid/expired 令牌URL因Spring Security OAuth2而失败 - Token URL fails with spring security oauth2 Spring 安全 OAuth2 令牌自省 - Spring security OAuth2 token introspection Spring Security OAuth2 JWT 匿名令牌 - Spring Security OAuth2 JWT anonymous token 在Spring Security OAuth2中使用用户名密码授予中的刷新令牌请求新的访问令牌 - Request new access token using refresh token in username-password grant in Spring Security OAuth2 春季启动安全性，Oauth2用来自Facebook的长期令牌替换访问令牌 - Spring boot Security, Oauth2 replace access token with long-lived token from facebook

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM