I have successfully integrated Spring Security OAuth2 with my OpenID Connect provider (ForgeRock OpenAM). I can see the access token being retrieved. How can I access the id_token and refresh_token that are part of the response from the /token endpoint?
Answer 0 (score: 0)
Finally figured out the answer and posting it in case it is useful to anyone with the same problem. Once Spring Security OAuth2 has authenticated the session, an Authentication object is set. It needs to be cast to an instance of OAuth2Authentication. That object has the token.
// oauth2Ctx is the session-scoped OAuth2ClientContext populated during SSO login
// (assumed to be injected with @Autowired; the original snippet did not show the field)
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth instanceof OAuth2Authentication) {
    Object details = auth.getDetails(); // OAuth2AuthenticationDetails: carries only the access-token string
    OAuth2AccessToken token = oauth2Ctx.getAccessToken(); // full token: refresh token plus additional info
    if (token != null && !token.isExpired()) {
        // Do Stuff, e.g. token.getRefreshToken() and token.getAdditionalInformation().get("id_token")
    }
}
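As an added example (not code from either answer): a hypothetical OidcTokenInspector service that pulls the refresh_token and id_token out of the OAuth2ClientContext that @EnableOAuth2Sso populates, and applies the issuer, audience and expiry checks OpenID Connect requires before the id_token claims are used. The property oidc.expected-issuer is an assumption; the client-id property is the one from the other answer's application.properties, and the JWT signature is deliberately not verified here.

```java
import java.io.IOException;
import java.time.Instant;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.stereotype.Service;

/** Hypothetical service (not from the answers): reads the tokens @EnableOAuth2Sso stored for this session. */
@Service
public class OidcTokenInspector {
    @Autowired
    private OAuth2ClientContext oauth2ClientContext; // session-scoped proxy, holds the full token response
    @Value("${security.oauth2.client.client-id}")
    private String clientId;                         // same property as in application.properties
    @Value("${oidc.expected-issuer}")
    private String expectedIssuer;                   // assumed property: the provider's iss value

    /** True if the provider returned a refresh_token; its value stays server-side and is never returned. */
    public boolean hasRefreshToken() {
        OAuth2AccessToken token = oauth2ClientContext.getAccessToken();
        return token != null && token.getRefreshToken() != null;
    }

    /** id_token claims, returned only after the issuer, audience and expiry checks pass. */
    public Map<String, Object> idTokenClaims() throws IOException {
        OAuth2AccessToken token = oauth2ClientContext.getAccessToken();
        if (token == null) throw new IllegalStateException("no access token in the session");
        // id_token is not a standard OAuth2 response field, so Spring parks it in additionalInformation
        Object idToken = token.getAdditionalInformation().get("id_token");
        if (!(idToken instanceof String)) throw new IllegalStateException("token response had no id_token");
        String[] parts = ((String) idToken).split("\\.");
        if (parts.length != 3) throw new IllegalStateException("id_token is not a compact JWS");
        // Payload decoded WITHOUT verifying the signature: the JWKS check (CustomIdTokenConverter in the
        // other answer) must also pass before these claims are used for any authorization decision.
        Map<String, Object> claims = new ObjectMapper().readValue(
                Base64.getUrlDecoder().decode(parts[1]), new TypeReference<Map<String, Object>>() {});
        if (!expectedIssuer.equals(claims.get("iss"))) throw new IllegalStateException("unexpected iss");
        Object aud = claims.get("aud"); // OIDC allows a single string or an array of audiences
        if (!clientId.equals(aud) && !(aud instanceof List && ((List<?>) aud).contains(clientId)))
            throw new IllegalStateException("id_token was not issued for this client");
        Object exp = claims.get("exp");
        if (!(exp instanceof Number) || ((Number) exp).longValue() <= Instant.now().getEpochSecond())
            throw new IllegalStateException("id_token has expired");
        return claims;
    }
}
```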
Answer 1 (score: 0)
A complete example of an alternative approach (using Spring Boot and disabling part of its auto-configuration).
application.properties:
security.oauth2.client.client-id=client-id
security.oauth2.client.client-secret=client-secret
security.oauth2.client.access-token-uri=http://my-oidc-provider/auth/oauth2/token
security.oauth2.client.user-authorization-uri=http://my-oidc-provider/auth/oauth2/authorize
security.oauth2.resource.token-info-uri=http://my-oidc-provider/auth/oauth2/check_token
security.oauth2.client.scope=openid,email,profile
security.oauth2.resource.jwk.key-set-uri=http://my-oidc-provider/auth/oidc/jwks
import java.util.List;

import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.boot.autoconfigure.security.oauth2.resource.DefaultUserInfoRestTemplateFactory;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateCustomizer;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerEndpointsConfiguration;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

/**
 * Extending the AuthorizationServerEndpointsConfiguration disables the Spring
 * Boot ResourceServerTokenServicesConfiguration.
 */
@Configuration
@EnableOAuth2Sso
public class OAuth2Config extends AuthorizationServerEndpointsConfiguration {

    @Value("${security.oauth2.resource.jwk.key-set-uri}")
    private String keySetUri;

    @Value("${security.oauth2.resource.token-info-uri}")
    private String checkTokenEndpointUrl;

    @Value("${security.oauth2.client.client-id}")
    private String clientId;

    @Value("${security.oauth2.client.client-secret}")
    private String clientSecret;

    // Replaces the auto-configured token services: tokens are introspected at the provider's
    // check_token endpoint and the id_token is handled by the poster's own CustomIdTokenConverter
    // (built from the JWK set URI; its source is not shown in the answer).
    @Bean
    public RemoteTokenServices resourceServerTokenServices() {
        RemoteTokenServices tokenService = new RemoteTokenServices();
        DefaultAccessTokenConverter accessTokenConverter = new DefaultAccessTokenConverter();
        accessTokenConverter.setUserTokenConverter(new CustomIdTokenConverter(keySetUri));
        tokenService.setAccessTokenConverter(accessTokenConverter);
        tokenService.setCheckTokenEndpointUrl(checkTokenEndpointUrl);
        tokenService.setClientId(clientId);
        tokenService.setClientSecret(clientSecret);
        return tokenService;
    }

    // Required by the inherited AuthorizationServerEndpointsConfiguration; no clients are registered.
    @Bean
    public ClientDetailsService clientDetailsService() {
        return new InMemoryClientDetailsService();
    }

    // Re-creates the factory that the disabled auto-configuration would otherwise provide.
    @Bean
    public UserInfoRestTemplateFactory userInfoRestTemplateFactory(
            ObjectProvider<List<UserInfoRestTemplateCustomizer>> customizers,
            ObjectProvider<OAuth2ProtectedResourceDetails> details,
            ObjectProvider<OAuth2ClientContext> oauth2ClientContext) {
        return new DefaultUserInfoRestTemplateFactory(customizers, details, oauth2ClientContext);
    }
}