Google Spring OAuth2 client works on local but not on internet
I came here after pulling my hair out.
Logging in with Google OAuth2 works fine locally but fails under the public domain.
Here are the logs for both:
==== request in local
2022-04-28 17:11:26.080 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate : HTTP POST https://www.googleapis.com/oauth2/v4/token
2022-04-28 17:11:26.080 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate : Accept=[application/json, application/*+json]
2022-04-28 17:11:26.080 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate : Writing [{grant_type=[authorization_code], code=[4/0AX4XfWghwFo-03F8JRldcp8xsqSzg31NkVZpHnPqpdXV4hNcTKehChPzrSaTqRVBfh8g4w], redirect_uri=[http://localhost:8080/login/oauth2/code/google]}] as "application/x-www-form-urlencoded;charset=UTF-8"
2022-04-28 17:11:26.225 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate : Response 200 OK
2022-04-28 17:11:26.225 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=utf-8"
2022-04-28 17:11:26.226 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate : HTTP GET https://www.googleapis.com/oauth2/v3/certs
2022-04-28 17:11:26.226 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate : Accept=[text/plain, application/json, application/*+json, */*]
2022-04-28 17:11:26.242 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate : Response 200 OK
2022-04-28 17:11:26.242 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate : Reading to [java.lang.String] as "application/json;charset=UTF-8"
=====request under public domain
2022-04-28 16:54:05.949 DEBUG 13353 --- [nio-8443-exec-3] o.s.web.client.RestTemplate : HTTP POST https://www.googleapis.com/oauth2/v4/token
2022-04-28 16:54:05.956 DEBUG 13353 --- [nio-8443-exec-3] o.s.web.client.RestTemplate : Accept=[application/json, application/*+json]
2022-04-28 16:54:05.957 DEBUG 13353 --- [nio-8443-exec-3] o.s.web.client.RestTemplate : Writing [{grant_type=[authorization_code], code=[4/0AX4XfWjfng4hE-uzmk1CnWgRz922In29TeNs9efZxigfeSaVwvvoCrk-b56rOzFeMEDn0Q], redirect_uri=[https://www.clubspj.com/login/oauth2/code/google]}] as "application/x-www-form-urlencoded;charset=UTF-8"
2022-04-28 16:54:06.064 DEBUG 13353 --- [nio-8443-exec-3] o.s.web.client.RestTemplate : Response 400 BAD_REQUEST
I'm sure the URLs match.
I'm using this library; the version is 2.6.7:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
Below are the requests made, in order, when trying to log in with Google OAuth2:
GET 302 https://www.clubspj.com/oauth2/authorization/google
GET 200 https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=294427952059-ngva8hkoa4cl1af249repefc8lnksl87.apps.googleusercontent.com&scope=openid%20profile%20email&state=hiwVEoh6pbzGA4HueQpsF_MydzpyJ5uxnS7FcAoRaKM%3D&redirect_uri=https://www.clubspj.com/login/oauth2/code/google&nonce=3S3BLRPDsdXB6orOGF52YFIHnbyaLLtO8NGjHEDILYo
GET 302 https://accounts.google.com/signin/oauth/consent?authuser=0&part=AJi8hANiL7v0LYZsyPvT1Vg6t-K2lzlwtCjwELEoi84mtcyDyjIAhY3FkooOuQ9YwoG10HrQyEv3f4H4ZNN_mVry937SfMm_68H1Zw9ZJfkgRVkPM5aTYsa7jdctKNJWe4I4mEJFxeQ0iqizcZfEXw-COkk3L_3wW1CxL2gwCygMud5-Qv1nDJMblMV1dl2CtaWamt30GyrWoaG_g14mRGLvcmHHruvQD3Uid7t0PI9hNtYYqewJLTdCi6dmn8pLa7MJPqEHdp2nyKJf5YSPqAskAn4BX-_aaLXKeNnQJhC2Cjzpwnux_zKol50e8ymHU5PQpP5hU23lArmBPXU3shEEi4m_yA2R41p8vFaB3f9HpOqp9ThEgMp8nv_po6C7Kk3qLMoWR2COAYvv4zflcA_157vUt6jhDpKoLw2cf7Fbq_4afG1QKiI8x9LOn4iJq6Q2JBh_AxlX9truJZb45fNbDI1nfnrOEQ&as=S-872222817%3A1651179243534195&pli=1&rapt=AEjHL4MtRiws0sgSbs9qRhpREDRpzEWcleEMkDeuoK78Ie-A3UissN40zZ2GdDLIIqoA4P7tjoqyQgVmVDmgmqt8a2qv_ElA-w
GET 302 https://www.clubspj.com/login/oauth2/code/google?state=hiwVEoh6pbzGA4HueQpsF_MydzpyJ5uxnS7FcAoRaKM%3D&code=4%2F0AX4XfWjfng4hE-uzmk1CnWgRz922In29TeNs9efZxigfeSaVwvvoCrk-b56rOzFeMEDn0Q&scope=email+profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&authuser=0&prompt=none
The last request results in an error and redirects to login?error. Details of the request:
Response headers:
HTTP/1.1 302
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Location: https://www.clubspj.com/login?error
Content-Length: 0
Date: Thu, 28 Apr 2022 20:54:06 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Request headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Connection: keep-alive
Cookie: AWSALBTG=5EB4qie5RCxExuTp2gqDRZuZGDgJBVO8lBlofFhpkZA0J9iQ7JahcSn/jvAmef/eRSL0GALK9P9xcOZgNLSWIwcEEMSRslwigzMPrZQFpQ2pmLPKSx9Apn19TlEENuLOMFmRgG7bbIziTYB+RyqCLZosHMvIIU7Wbcmhsdlz6e1JL9NKYJU=; AWSALBTGCORS=5EB4qie5RCxExuTp2gqDRZuZGDgJBVO8lBlofFhpkZA0J9iQ7JahcSn/jvAmef/eRSL0GALK9P9xcOZgNLSWIwcEEMSRslwigzMPrZQFpQ2pmLPKSx9Apn19TlEENuLOMFmRgG7bbIziTYB+RyqCLZosHMvIIU7Wbcmhsdlz6e1JL9NKYJU=; JSESSIONID=7F3D126AA8A114A2EAB4937EB1A911DA
Host: www.clubspj.com
Referer: https://accounts.google.com/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Google Chrome";v="100"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Finally, I am running the application on EC2 under an Elastic IP. I have verified that the JSESSIONID is the same across all the clubspj.com requests.
Thanks in advance!
It's always the little things!
To log in with Google locally, you only need the client-id.
It worked as expected after I added the long-forgotten client-secret.
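An added example, not part of the original answer and not Spring's own code: a startup check that turns a missing client-secret into a boot failure instead of an opaque 400 BAD_REQUEST from the token endpoint at login time. It assumes the registrations are defined through spring.security.oauth2.client.registration.* properties, so that Spring Boot exposes an InMemoryClientRegistrationRepository bean; the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.boot.ApplicationRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.util.StringUtils;

// Hypothetical class name; added example, not code from the original post.
@Configuration
public class ClientSecretStartupCheck {

    // Assumption: Spring Boot auto-configured the repository from application properties.
    @Bean
    ApplicationRunner requireClientSecrets(InMemoryClientRegistrationRepository registrations) {
        return args -> {
            List<String> missing = new ArrayList<>();
            for (ClientRegistration registration : registrations) {
                if (needsSecret(registration) && !StringUtils.hasText(registration.getClientSecret())) {
                    missing.add(registration.getRegistrationId());
                }
            }
            if (!missing.isEmpty()) {
                // Report registration ids only; never log secret values.
                throw new IllegalStateException("No client-secret configured for OAuth2 registration(s) "
                        + missing + "; set spring.security.oauth2.client.registration.<id>.client-secret");
            }
        };
    }

    // Authorization-code clients that authenticate with a shared secret (HTTP Basic or
    // form post) must have one. Public clients ("none") and key-based methods are skipped.
    static boolean needsSecret(ClientRegistration registration) {
        ClientAuthenticationMethod method = registration.getClientAuthenticationMethod();
        boolean secretBased = ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(method)
                || ClientAuthenticationMethod.CLIENT_SECRET_POST.equals(method);
        return secretBased
                && AuthorizationGrantType.AUTHORIZATION_CODE.equals(registration.getAuthorizationGrantType());
    }
}
```

Supplying the secret per environment (for example from an environment variable or a secrets manager) rather than committing it keeps the local and public deployments configured the same way.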