如何在 Spring OAuth2 中通过 client_id 和秘密授权?

How authorize in Spring OAuth2 by client_id and secret only?

现在我正在使用下一个配置:

@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(mAppConfig.dataSource())
                .withClient("virto")
                .secret("secret")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token");
    }
}

它需要发送client_id, client_secret, username, password...但是我需要为我的可信服务器提供access_token,只有client_idclient_secret...如何我做到了吗?可能吗?

你需要的是配置一个客户端 client_credentials grant

@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(mAppConfig.dataSource())
                .withClient("virto")
                .secret("secret")
                .authorizedGrantTypes("client_credentials");
    }
}

要获得令牌,您需要发送一个 post 请求,并使用 base 64 编码的凭据。

POST http://localhost:8080/paymentiq/oauth/token?grant_type=client_credentials -h 'Authorization: [clientId:secret]'