Spring Security 5.3.2 OAuth 2, Resource Owner Password Credentials Flow - How to add additional HEADER parameters to authorization server uri
I am trying to obtain an access token from a custom corporate OAuth 2 authorization server using the resource owner password credentials flow.
See https://tools.ietf.org/html/rfc6749#section-4.3
This server only issues an access token when it receives the following parameters:
    POST https://custom_corporate_server/auth/oauth/v2/token
    Header
        idp: 99
    Body
        grant_type: password
        scope: my_scope
        client_id: 00******-****-****-****-**********99
        client_secret: 00******-****-****-****-**********99
        username: my_user
        password: my_password
Their configuration requires an additional custom header parameter: idp, which should be a number.
I am using Spring Boot 2.3.0 and Spring Security 5.3.2.
I built my test example following the link below: https://docs.spring.io/spring-security/site/docs/5.3.2.RELEASE/reference/html5/#using-the-access-token-2
    import java.util.Collections;
    import java.util.HashMap;
    import java.util.Map;
    import java.util.function.Function;
    import javax.servlet.http.HttpServletRequest;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
    import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
    import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
    import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
    import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
    import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
    import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
    import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
    import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
    import org.springframework.util.StringUtils;

    @Configuration
    public class OAuth2ClientConfig {

        @Bean
        public OAuth2AuthorizedClientManager authorizedClientManager(
                ClientRegistrationRepository clientRegistrationRepository,
                OAuth2AuthorizedClientRepository authorizedClientRepository) {

            // Password grant plus refresh-token renewal, as in the Spring Security reference
            OAuth2AuthorizedClientProvider authorizedClientProvider =
                    OAuth2AuthorizedClientProviderBuilder.builder()
                            .password()
                            .refreshToken()
                            .build();

            DefaultOAuth2AuthorizedClientManager authorizedClientManager =
                    new DefaultOAuth2AuthorizedClientManager(
                            clientRegistrationRepository, authorizedClientRepository);
            authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

            // Assuming the `username` and `password` are supplied as `HttpServletRequest` parameters,
            // map the `HttpServletRequest` parameters to `OAuth2AuthorizationContext.getAttributes()`
            authorizedClientManager.setContextAttributesMapper(contextAttributesMapper());

            return authorizedClientManager;
        }

        private Function<OAuth2AuthorizeRequest, Map<String, Object>> contextAttributesMapper() {
            return authorizeRequest -> {
                Map<String, Object> contextAttributes = Collections.emptyMap();
                HttpServletRequest servletRequest =
                        authorizeRequest.getAttribute(HttpServletRequest.class.getName());
                String username = servletRequest.getParameter(OAuth2ParameterNames.USERNAME);
                String password = servletRequest.getParameter(OAuth2ParameterNames.PASSWORD);
                if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
                    contextAttributes = new HashMap<>();
                    // `PasswordOAuth2AuthorizedClientProvider` requires both attributes
                    contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username);
                    contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);
                }
                return contextAttributes;
            };
        }
    }
I cannot pass this parameter in the header to the authorization server. How to do that is my main puzzle today.
Take a look at this article, which explains the various customisations of the authorization and token requests. In your case, the section on extra parameters for the token request seems to describe exactly what you need.
You can do it like this:
    import org.springframework.core.convert.converter.Converter;
    import org.springframework.http.HttpHeaders;
    import org.springframework.http.RequestEntity;
    import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
    import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter;

    public class CustomRequestEntityConverter
            implements Converter<OAuth2PasswordGrantRequest, RequestEntity<?>> {

        // Delegate to the default converter so the standard form body is built as usual
        private final OAuth2PasswordGrantRequestEntityConverter defaultConverter =
                new OAuth2PasswordGrantRequestEntityConverter();

        @Override
        public RequestEntity<?> convert(OAuth2PasswordGrantRequest req) {
            RequestEntity<?> entity = defaultConverter.convert(req);
            // The headers of a RequestEntity are read-only, so copy them before adding the custom header
            HttpHeaders headers = new HttpHeaders();
            headers.putAll(entity.getHeaders());
            headers.add("idp", "99");
            // Keep the original form body (grant_type, username, password, scope, ...) unchanged
            return new RequestEntity<>(entity.getBody(), headers, entity.getMethod(), entity.getUrl());
        }
    }
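The converter above only takes effect once it is installed on the token response client that the password grant provider uses. The following is an added example, not code from the question or the answer, showing that wiring end to end; the property key `corporate.oauth2.idp` and the class name `PasswordGrantClientConfig` are assumptions, and the `idp` value is read from configuration rather than hard-coded.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.http.RequestEntity;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;

@Configuration
public class PasswordGrantClientConfig {

    // Assumed property key; the page hard-codes "99" and names no property
    @Value("${corporate.oauth2.idp:99}")
    private String idpHeaderValue;

    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository clientRegistrationRepository,
            OAuth2AuthorizedClientRepository authorizedClientRepository) {
        OAuth2PasswordGrantRequestEntityConverter defaultConverter =
                new OAuth2PasswordGrantRequestEntityConverter();
        DefaultPasswordTokenResponseClient tokenClient = new DefaultPasswordTokenResponseClient();
        tokenClient.setRequestEntityConverter(req -> {
            RequestEntity<?> entity = defaultConverter.convert(req);
            // RequestEntity headers are read-only: copy them, then add the corporate "idp" header
            HttpHeaders headers = new HttpHeaders();
            headers.putAll(entity.getHeaders());
            headers.add("idp", idpHeaderValue);
            // The form body (grant_type, username, password, scope, ...) is passed through unchanged
            return new RequestEntity<>(entity.getBody(), headers, entity.getMethod(), entity.getUrl());
        });
        OAuth2AuthorizedClientProvider provider = OAuth2AuthorizedClientProviderBuilder.builder()
                // Route the password grant through the customised token client
                .password(p -> p.accessTokenResponseClient(tokenClient))
                .refreshToken()
                .build();
        DefaultOAuth2AuthorizedClientManager manager = new DefaultOAuth2AuthorizedClientManager(
                clientRegistrationRepository, authorizedClientRepository);
        manager.setAuthorizedClientProvider(provider);
        return manager;
    }
}
```

The context attributes mapper from the question still has to be set on the manager, because the password provider reads username and password from the authorization context rather than from the servlet request directly.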