Spring OAuth2 服务器在授权代码流后未使用刷新令牌进行响应
Spring OAuth2 Server is not responding with refresh token after authorization code flow
我设置了一个 OAuth2 身份验证服务器,主要目的是使用授权代码流。据我所知,流程正在运行,因为我能够在流程结束时获得有效的 access_token,但问题是我没有获得 request_token 响应字段。我不确定我是否打算做一些与我所做的不同的事情,但我相信我必须做的就是在 authorizedGrantTypes 参数中添加“request_token”(我有完毕)。我将在下面提供最相关的设置代码。
AuthorizationServerConfigurerAdapter
@Import(AuthorizationServerEndpointsConfiguration.class)
@Configuration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
PasswordEncoder passwordEncoder;
AuthenticationManager authenticationManager;
KeyPair keyPair;
RedisConnectionFactory redisConnectionFactory;
public AuthorizationServerConfig(AuthenticationManager authenticationManager, KeyPair keyPair, RedisConnectionFactory redisConnectionFactory,
PasswordEncoder passwordEncoder) {
this.keyPair = keyPair;
this.redisConnectionFactory = redisConnectionFactory;
this.authenticationManager = authenticationManager;
this.passwordEncoder = passwordEncoder;
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient("web")
.secret(passwordEncoder.encode("noonewilleverguess"))
.scopes("resource:read", "resource:write")
.authorizedGrantTypes("authorization_code", "refresh_token")
.redirectUris("http://localhost:8080/login-two");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.tokenStore(tokenStore(redisConnectionFactory))
.accessTokenConverter(accessTokenConverter());
}
@Bean
public TokenStore tokenStore(RedisConnectionFactory redisConnectionFactory) {
return new RedisTokenStore(redisConnectionFactory);
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setKeyPair(this.keyPair);
return converter;
}
}
AuthorizationServerSecurityConfiguration
@Configuration
public class JwtSetEndpointConfiguration extends AuthorizationServerSecurityConfiguration {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.requestMatchers()
.mvcMatchers("/.well-known/jwks.json")
.and()
.authorizeRequests()
.mvcMatchers("/.well-known/jwks.json").permitAll();
}
}
WebSecurityConfigurerAdapter
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
protected UserDetailsService userDetailsService() {
return new UserDetailsServiceImpl();
}
@Bean
public KeyPair keyPairBean() throws NoSuchAlgorithmException {
//TODO:drt - probs change
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
gen.initialize(2048);
return gen.generateKeyPair();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
}
@Bean
PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
}
授权码流响应
我首先发送一个 GET 请求到:
http://localhost:8080/oauth/authorize?response_type=code&client_id=web&state=8781487s1
重定向示例:http://localhost:8080/login-two?code=N-U9XJ&state=8781487s1
然后我向 http://localhost:8080/oauth/token 发送一个 POST 请求,使用 Basic Auth
这是我收到的示例响应,没有 refresh_token 字段:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MTc2MjY1NzQsInVzZXJfbmFtZSI6ImFkbWluIiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9VU0VSIl0sImp0aSI6ImRENUplcWI3QlhHTkd0WkI1QVU4akhNbGR1YyIsImNsaWVudF9pZCI6IndlYiIsInNjb3BlIjpbInJlc291cmNlOndyaXRlIiwicmVzb3VyY2U6cmVhZCJdfQ.D5XKotYYAZkKtZNWdD-wirtoi3prU3CCmibIiQF5kodbXeK5ETdZ5k8CgSBLd7Aq-XEdhYXUEbtzzI0vf1vHf_MyhPFy_owldm_JJf2-2z9jNoU2BSnGMp6TCM00pCSMwbk57paLRZouryHEhTdvixVDmez2e1KmMVmXP6NypARB3Sp5SD2sZ2JN7FBQdkQ0OMVChjAQMTy1M3mDiT5dpT7iD7JxKRFTmD7qKYSF_gbQi6mEF3oH4j40TGI_CpyP3kKdDh4kiEfNeFd84YNHGYZACsYHfjoJrtJV1ECoeLph5CpmSpzt0lhOlzy8Q98OsPR8SdRt5Ou9N-BFmftZDw",
"token_type": "bearer",
"expires_in": 13462,
"scope": "resource:write resource:read",
"jti": "dD5Jeqb7BXGNGtZB5AU8jHMlduc"
}
希望你们中的某个人可以提供帮助,因为在尝试并在线查找之后我不知道我做错了什么。请帮忙,
所以我设法解决了这个问题,所以它现在 returns 是授权流程后的一个刷新令牌。我所要做的就是添加 DefaultTokenServices bean 并确保将 setSupportRefreshToken 设置为 true。
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setSupportRefreshToken(true);
return defaultTokenServices;
}
我设置了一个 OAuth2 身份验证服务器,主要目的是使用授权代码流。据我所知,流程正在运行,因为我能够在流程结束时获得有效的 access_token,但问题是我没有获得 request_token 响应字段。我不确定我是否打算做一些与我所做的不同的事情,但我相信我必须做的就是在 authorizedGrantTypes 参数中添加“request_token”(我有完毕)。我将在下面提供最相关的设置代码。
AuthorizationServerConfigurerAdapter
@Import(AuthorizationServerEndpointsConfiguration.class)
@Configuration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
PasswordEncoder passwordEncoder;
AuthenticationManager authenticationManager;
KeyPair keyPair;
RedisConnectionFactory redisConnectionFactory;
public AuthorizationServerConfig(AuthenticationManager authenticationManager, KeyPair keyPair, RedisConnectionFactory redisConnectionFactory,
PasswordEncoder passwordEncoder) {
this.keyPair = keyPair;
this.redisConnectionFactory = redisConnectionFactory;
this.authenticationManager = authenticationManager;
this.passwordEncoder = passwordEncoder;
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient("web")
.secret(passwordEncoder.encode("noonewilleverguess"))
.scopes("resource:read", "resource:write")
.authorizedGrantTypes("authorization_code", "refresh_token")
.redirectUris("http://localhost:8080/login-two");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.tokenStore(tokenStore(redisConnectionFactory))
.accessTokenConverter(accessTokenConverter());
}
@Bean
public TokenStore tokenStore(RedisConnectionFactory redisConnectionFactory) {
return new RedisTokenStore(redisConnectionFactory);
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setKeyPair(this.keyPair);
return converter;
}
}
AuthorizationServerSecurityConfiguration
@Configuration
public class JwtSetEndpointConfiguration extends AuthorizationServerSecurityConfiguration {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.requestMatchers()
.mvcMatchers("/.well-known/jwks.json")
.and()
.authorizeRequests()
.mvcMatchers("/.well-known/jwks.json").permitAll();
}
}
WebSecurityConfigurerAdapter
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
protected UserDetailsService userDetailsService() {
return new UserDetailsServiceImpl();
}
@Bean
public KeyPair keyPairBean() throws NoSuchAlgorithmException {
//TODO:drt - probs change
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
gen.initialize(2048);
return gen.generateKeyPair();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
}
@Bean
PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
}
授权码流响应
我首先发送一个 GET 请求到:
http://localhost:8080/oauth/authorize?response_type=code&client_id=web&state=8781487s1
重定向示例:http://localhost:8080/login-two?code=N-U9XJ&state=8781487s1
然后我向 http://localhost:8080/oauth/token 发送一个 POST 请求,使用 Basic Auth
这是我收到的示例响应,没有 refresh_token 字段:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MTc2MjY1NzQsInVzZXJfbmFtZSI6ImFkbWluIiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9VU0VSIl0sImp0aSI6ImRENUplcWI3QlhHTkd0WkI1QVU4akhNbGR1YyIsImNsaWVudF9pZCI6IndlYiIsInNjb3BlIjpbInJlc291cmNlOndyaXRlIiwicmVzb3VyY2U6cmVhZCJdfQ.D5XKotYYAZkKtZNWdD-wirtoi3prU3CCmibIiQF5kodbXeK5ETdZ5k8CgSBLd7Aq-XEdhYXUEbtzzI0vf1vHf_MyhPFy_owldm_JJf2-2z9jNoU2BSnGMp6TCM00pCSMwbk57paLRZouryHEhTdvixVDmez2e1KmMVmXP6NypARB3Sp5SD2sZ2JN7FBQdkQ0OMVChjAQMTy1M3mDiT5dpT7iD7JxKRFTmD7qKYSF_gbQi6mEF3oH4j40TGI_CpyP3kKdDh4kiEfNeFd84YNHGYZACsYHfjoJrtJV1ECoeLph5CpmSpzt0lhOlzy8Q98OsPR8SdRt5Ou9N-BFmftZDw",
"token_type": "bearer",
"expires_in": 13462,
"scope": "resource:write resource:read",
"jti": "dD5Jeqb7BXGNGtZB5AU8jHMlduc"
}
希望你们中的某个人可以提供帮助,因为在尝试并在线查找之后我不知道我做错了什么。请帮忙,
所以我设法解决了这个问题,所以它现在 returns 是授权流程后的一个刷新令牌。我所要做的就是添加 DefaultTokenServices bean 并确保将 setSupportRefreshToken 设置为 true。
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setSupportRefreshToken(true);
return defaultTokenServices;
}