Spring OAuth2 不提供刷新令牌
Spring OAuth2 not giving refresh token
我是 运行 使用 Spring 和“密码”授权类型的 OAuth 提供者。
运行 这个(提供者在端口 8080 上):
curl -u "app:appclientsecret" "http://localhost:8080/oauth/token" --data "grant_type=password&username=marissa&password=koala"
returns:
{"access_token":"56da4d2b-7e66-483e-b88d-c1a58ee5a453","token_type":"bearer","expires_in":43199,"scope":"read"}
由于某种原因,没有刷新令牌。根据 spec,我知道刷新令牌是可选的;有没有我错过的启用它的方法?
作为参考,这是我的提供商代码:
@SpringBootApplication
public class Provider {
public static void main(String... args) {
System.setProperty("server.port", "8080");
SpringApplication.run(Provider.class, args);
}
@Configuration
@EnableWebSecurity
static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final UserStoreType type = UserStoreType.IN_MEMORY;
enum UserStoreType {
IN_MEMORY,
}
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
switch(type) {
case IN_MEMORY:
System.err.println("Setting up user creds..");
auth.inMemoryAuthentication()
.withUser("marissa").password("koala").roles("USER")
.and()
.withUser("admin").password("topsecret").roles("USER", "ADMIN");
break;
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {}
}
@Configuration
@EnableAuthorizationServer
static class OAuthConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(new InMemoryTokenStore()).authenticationManager(authenticationManager);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.checkTokenAccess("permitAll()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("resource-serv")
.scopes("read")
.resourceIds("my-resource")
.secret("secret123")
.and()
.withClient("app")
.authorizedGrantTypes("client_credentials", "password")
.scopes("read")
.resourceIds("my-resource")
.secret("appclientsecret");
}
}
}
客户端需要authorizedGrantType"refresh_token"。
试试这个
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("resource-serv")
.scopes("read")
.resourceIds("my-resource")
.secret("secret123")
.and()
.withClient("app")
.authorizedGrantTypes("client_credentials", "password", "refresh_token")
.scopes("read")
.resourceIds("my-resource")
.secret("appclientsecret");
}
我是 运行 使用 Spring 和“密码”授权类型的 OAuth 提供者。
运行 这个(提供者在端口 8080 上):
curl -u "app:appclientsecret" "http://localhost:8080/oauth/token" --data "grant_type=password&username=marissa&password=koala"
returns:
{"access_token":"56da4d2b-7e66-483e-b88d-c1a58ee5a453","token_type":"bearer","expires_in":43199,"scope":"read"}
由于某种原因,没有刷新令牌。根据 spec,我知道刷新令牌是可选的;有没有我错过的启用它的方法?
作为参考,这是我的提供商代码:
@SpringBootApplication
public class Provider {
public static void main(String... args) {
System.setProperty("server.port", "8080");
SpringApplication.run(Provider.class, args);
}
@Configuration
@EnableWebSecurity
static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final UserStoreType type = UserStoreType.IN_MEMORY;
enum UserStoreType {
IN_MEMORY,
}
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
switch(type) {
case IN_MEMORY:
System.err.println("Setting up user creds..");
auth.inMemoryAuthentication()
.withUser("marissa").password("koala").roles("USER")
.and()
.withUser("admin").password("topsecret").roles("USER", "ADMIN");
break;
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {}
}
@Configuration
@EnableAuthorizationServer
static class OAuthConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(new InMemoryTokenStore()).authenticationManager(authenticationManager);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.checkTokenAccess("permitAll()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("resource-serv")
.scopes("read")
.resourceIds("my-resource")
.secret("secret123")
.and()
.withClient("app")
.authorizedGrantTypes("client_credentials", "password")
.scopes("read")
.resourceIds("my-resource")
.secret("appclientsecret");
}
}
}
客户端需要authorizedGrantType"refresh_token"。
试试这个
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("resource-serv")
.scopes("read")
.resourceIds("my-resource")
.secret("secret123")
.and()
.withClient("app")
.authorizedGrantTypes("client_credentials", "password", "refresh_token")
.scopes("read")
.resourceIds("my-resource")
.secret("appclientsecret");
}