Spring boot - google oauth2,在数据库中存储刷新令牌
Spring boot - google oauth2, store refresh token in database
我正在尝试从登录我的系统的用户那里获取刷新令牌,并将其存储在数据库中。因此,我的生态系统中的另一个系统可以访问存储的刷新令牌,使用它生成访问令牌,并使用 google 日历 api 和用户凭据。
到目前为止,我已经成功地用
登录了
@Configuration
public class AppConfig extends WebSecurityConfigurerAdapter {
@Autowired
private ClientRegistrationRepository clientRegistrationRepository;
@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests()
.antMatchers("/**").authenticated()
.anyRequest().permitAll()
.and()
.oauth2Login()
.authorizationEndpoint()
.authorizationRequestResolver(new CustomAuthorizationRequestResolver(
this.clientRegistrationRepository))
.and()
.and()
.rememberMe();
}
}
和
public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;
public CustomAuthorizationRequestResolver(
ClientRegistrationRepository clientRegistrationRepository) {
this.defaultAuthorizationRequestResolver =
new DefaultOAuth2AuthorizationRequestResolver(
clientRegistrationRepository, "/oauth2/authorization");
}
@Override
public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
OAuth2AuthorizationRequest authorizationRequest =
this.defaultAuthorizationRequestResolver.resolve(request);
return authorizationRequest != null ?
customAuthorizationRequest(authorizationRequest) :
null;
}
@Override
public OAuth2AuthorizationRequest resolve(
HttpServletRequest request, String clientRegistrationId) {
OAuth2AuthorizationRequest authorizationRequest =
this.defaultAuthorizationRequestResolver.resolve(
request, clientRegistrationId);
return authorizationRequest != null ?
customAuthorizationRequest(authorizationRequest) :
null;
}
private OAuth2AuthorizationRequest customAuthorizationRequest(
OAuth2AuthorizationRequest authorizationRequest) {
Map<String, Object> additionalParameters = new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
additionalParameters.put("access_type", "offline");
return OAuth2AuthorizationRequest.from(authorizationRequest)
.additionalParameters(additionalParameters)
.build();
}
}
如何以及在哪里可以访问已登录用户的刷新令牌?
我回答了一个类似的问题,但是是kotlin的,所以我会为你添加一个java版本。
这是获取刷新令牌的两种方法(或者说 OAuth2AuthorizedClient,您可以从中获取刷新令牌)。具体用哪个看自己的需要。
- 将表示请求用户的
OAuth2AuthorizedClient 注入端点方法:
@GetMapping("/foo")
void foo(@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient user) {
OAuth2RefreshToken refreshToken = user.getRefreshToken();
}
- 在请求上下文之外,您可以将
OAuth2AuthorizedClientService 注入托管组件,并使用客户端注册 ID 和主体名称获取所需的 OAuth2AuthorizedClient 实例:
@Autowired
private OAuth2AuthorizedClientService clientService;
public void foo() {
OAuth2AuthorizedClient user = clientService.loadAuthorizedClient("google", "principal-name");
OAuth2RefreshToken refreshToken = user.getRefreshToken();
}
我正在尝试从登录我的系统的用户那里获取刷新令牌,并将其存储在数据库中。因此,我的生态系统中的另一个系统可以访问存储的刷新令牌,使用它生成访问令牌,并使用 google 日历 api 和用户凭据。
到目前为止,我已经成功地用
登录了@Configuration
public class AppConfig extends WebSecurityConfigurerAdapter {
@Autowired
private ClientRegistrationRepository clientRegistrationRepository;
@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests()
.antMatchers("/**").authenticated()
.anyRequest().permitAll()
.and()
.oauth2Login()
.authorizationEndpoint()
.authorizationRequestResolver(new CustomAuthorizationRequestResolver(
this.clientRegistrationRepository))
.and()
.and()
.rememberMe();
}
}
和
public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;
public CustomAuthorizationRequestResolver(
ClientRegistrationRepository clientRegistrationRepository) {
this.defaultAuthorizationRequestResolver =
new DefaultOAuth2AuthorizationRequestResolver(
clientRegistrationRepository, "/oauth2/authorization");
}
@Override
public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
OAuth2AuthorizationRequest authorizationRequest =
this.defaultAuthorizationRequestResolver.resolve(request);
return authorizationRequest != null ?
customAuthorizationRequest(authorizationRequest) :
null;
}
@Override
public OAuth2AuthorizationRequest resolve(
HttpServletRequest request, String clientRegistrationId) {
OAuth2AuthorizationRequest authorizationRequest =
this.defaultAuthorizationRequestResolver.resolve(
request, clientRegistrationId);
return authorizationRequest != null ?
customAuthorizationRequest(authorizationRequest) :
null;
}
private OAuth2AuthorizationRequest customAuthorizationRequest(
OAuth2AuthorizationRequest authorizationRequest) {
Map<String, Object> additionalParameters = new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
additionalParameters.put("access_type", "offline");
return OAuth2AuthorizationRequest.from(authorizationRequest)
.additionalParameters(additionalParameters)
.build();
}
}
如何以及在哪里可以访问已登录用户的刷新令牌?
我回答了一个类似的问题
这是获取刷新令牌的两种方法(或者说 OAuth2AuthorizedClient,您可以从中获取刷新令牌)。具体用哪个看自己的需要。
- 将表示请求用户的
OAuth2AuthorizedClient注入端点方法:
@GetMapping("/foo")
void foo(@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient user) {
OAuth2RefreshToken refreshToken = user.getRefreshToken();
}
- 在请求上下文之外,您可以将
OAuth2AuthorizedClientService注入托管组件,并使用客户端注册 ID 和主体名称获取所需的OAuth2AuthorizedClient实例:
@Autowired
private OAuth2AuthorizedClientService clientService;
public void foo() {
OAuth2AuthorizedClient user = clientService.loadAuthorizedClient("google", "principal-name");
OAuth2RefreshToken refreshToken = user.getRefreshToken();
}