我有Spring OAuth授权服务器,我想添加对多个客户端(id)的支持。我为这样的客户配置了这个:
clients
.inMemory().withClient(client).secret(clientSecret)
.resourceIds(resourceId)
.authorizedGrantTypes("client_credentials", "password", "refresh_token", "implicit", "authorization_code")
.authorities("ROLE_USER")
.scopes("read", "write")
.autoApprove(true)
.and()
.inMemory().withClient("acme").secret("acmesecret")
.resourceIds(resourceId)
.authorizedGrantTypes("client_credentials", "password", "refresh_token", "implicit", "authorization_code")
.authorities("ROLE_USER_ACME")
.scopes("read", "write")
.autoApprove(true);
我可以使用第一个客户端获取访问令牌,但在尝试使用第二个客户端获取访问令牌时出现此错误:
{
"timestamp": 1456822249638,
"status": 401,
"error": "Unauthorized",
"message": "Bad credentials",
"path": "/oauth/token"
}
是否可以添加多个客户端以及如何执行此操作?另外,如何从数据库中读取客户端?
答案 0 :(得分:14)
请勿使用多个inMemory
构建器,而是在一个withClient
内连接多个inMemory
:
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("first")
.secret("secret")
.scopes("read")
.authorizedGrantTypes("password")
.and()
.withClient("sec")
.secret("secret")
.scopes("read")
.authorizedGrantTypes("password");
}
答案 1 :(得分:3)
对于inMemory
构建器具有配置(您必须定义自己的配置):
@Override
public void configure ( ClientDetailsServiceConfigurer clients ) throws Exception {
// @formatter:off
InMemoryClientDetailsServiceBuilder inMemoryBuilder = clients.inMemory ();
for (String clientKey: authServerProperties.getClient ().keySet ()) {
OAuthClientProperties client = authServerProperties.getClient ().get ( clientKey );
inMemoryBuilder
.withClient ( client.getClientId () )
.secret ( client.getClientSecret () )
.scopes ( client.getScopes () == null ? new String[] {"openid"} : client.getScopes () )
.authorizedGrantTypes ( client.getAuthorizedGrandTypes () == null ? "client_credentials" : client.getAuthorizedGrandTypes () );
}
// @formatter:on
}
具有两个附加类:
@ConfigurationProperties ( prefix = "my-authorization-server" )
public class AuthServerProperties
private final Map<String, OAuthClientProperties> client = new HashMap<> ();
...
public Map<String, OAuthClientProperties> getClient () {
return client;
}
...
}
public class OAuthClientProperties {
private String clientId;
private String clientSecret;
private String[] scopes;
private String authorizedGrandTypes;
public String getClientId () {
return clientId;
}
public void setClientId ( String clientId ) {
this.clientId = clientId;
}
public String getClientSecret () {
return clientSecret;
}
public void setClientSecret ( String clientSecret ) {
this.clientSecret = clientSecret;
}
public String[] getScopes () {
return scopes;
}
public void setScopes ( String[] scopes ) {
this.scopes = scopes;
}
public String getAuthorizedGrandTypes () {
return authorizedGrandTypes;
}
public void setAuthorizedGrandTypes ( String authorizedGrandTypes ) {
this.authorizedGrandTypes = authorizedGrandTypes;
}
}
最后,在属性中,您将具有以下内容:
my-authorization-server.client.foo.client-id=foo-client
my-authorization-server.client.foo.client-secret=foo-client-supersecret
my-authorization-server.client.foo.scopes=read
my-authorization-server.client.bar.client-id=bar-client
my-authorization-server.client.bar.client-secret=bar-client-verysupersecret
my-authorization-server.client.bar.scopes=read,write