堆棧內存溢出
  簡體   English   中英

Spring 啟動 - google oauth2,在數據庫中存儲刷新令牌

[英]Spring boot - google oauth2, store refresh token in database

 原文  2020-05-01 22:17:24       java/ spring-boot/ spring-security/ spring-security-oauth2/ google-oauth

問題描述

我正在嘗試從登錄我的系統的用戶那里獲取刷新令牌,並將其存儲在數據庫中。 因此,我的生態系統中的不同系統可以訪問存儲的刷新令牌,使用它生成訪問令牌,並使用谷歌日歷 api 和用戶憑據。

到目前為止,我已經設法登錄

@Configuration
public class AppConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private ClientRegistrationRepository clientRegistrationRepository;

    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .authorizeRequests()
                .antMatchers("/**").authenticated()
                .anyRequest().permitAll()
                .and()
                .oauth2Login()
                .authorizationEndpoint()
                .authorizationRequestResolver(new CustomAuthorizationRequestResolver(
                        this.clientRegistrationRepository))
                .and()
                .and()
                .rememberMe();
    }
}



public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
    private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;

    public CustomAuthorizationRequestResolver(
            ClientRegistrationRepository clientRegistrationRepository) {

        this.defaultAuthorizationRequestResolver =
                new DefaultOAuth2AuthorizationRequestResolver(
                        clientRegistrationRepository, "/oauth2/authorization");
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        OAuth2AuthorizationRequest authorizationRequest =
                this.defaultAuthorizationRequestResolver.resolve(request);

        return authorizationRequest != null ?
        customAuthorizationRequest(authorizationRequest) :
        null;
    }

    @Override
    public OAuth2AuthorizationRequest resolve(
            HttpServletRequest request, String clientRegistrationId) {

        OAuth2AuthorizationRequest authorizationRequest =
                this.defaultAuthorizationRequestResolver.resolve(
                        request, clientRegistrationId);

        return authorizationRequest != null ?
        customAuthorizationRequest(authorizationRequest) :
        null;
    }

    private OAuth2AuthorizationRequest customAuthorizationRequest(
            OAuth2AuthorizationRequest authorizationRequest) {

        Map<String, Object> additionalParameters = new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
        additionalParameters.put("access_type", "offline");

        return OAuth2AuthorizationRequest.from(authorizationRequest)
                .additionalParameters(additionalParameters)
                .build();
    }

}

我如何以及在哪里可以訪問已登錄用戶的刷新令牌?

1 個解決方案

解決方案1
 3 已采納  2020-05-02 10:38:38

在這里回答了一個類似的問題,但它在 kotlin 中,所以我會為你添加一個 java 版本。

這是獲取刷新令牌的兩種方法(或者更確切地說是OAuth2AuthorizedClient ,您可以從中獲取刷新令牌)。 您使用哪一種取決於您的需求。

  1. 將代表請求用戶的OAuth2AuthorizedClient注入到端點方法中:
@GetMapping("/foo")
void foo(@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient user) {
    OAuth2RefreshToken refreshToken = user.getRefreshToken();
}
  1. 在請求的上下文之外,您可以將OAuth2AuthorizedClientService注入托管組件,並使用客戶端注冊 ID 和主體名稱獲取所需的OAuth2AuthorizedClient實例:
@Autowired
private OAuth2AuthorizedClientService clientService;

public void foo() {
    OAuth2AuthorizedClient user = clientService.loadAuthorizedClient("google", "principal-name");
    OAuth2RefreshToken refreshToken = user.getRefreshToken();
}

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 春季OAuth2刷新令牌 Spring Boot OAuth2令牌 Spring 5,401返回后帶有Google刷新訪問令牌的OAuth2 Spring Boot Application驗證來自Google的oauth2令牌 spring boot oauth2與jdbc令牌存儲給出oauth_access_token關系不存在 Spring OAuth2沒有提供刷新令牌 如何在spring boot 2 oauth2中獲得令牌? Google Oauth2 refresh_token為空 春季啟動OAuth2-OAuth令牌不返回授權令牌 帶有本地用戶數據庫的 Spring Boot oauth2
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM