如何在Spring OAuth2上更改response_type

时间:2016-12-18 12:08:40

标签: spring spring-boot spring-security

这是我使用Instagram登录OAuth2的配置

instagram:
  client:
    clientId: clientId
    clientSecret: clientSeret
    accessTokenUri: https://api.instagram.com/oauth/access_token
    userAuthorizationUri: https://api.instagram.com/oauth/authorize
    clientAuthenticationScheme: form
  scope:
    - basic
    - public_content
  resource:
    userInfoUri: https://api.instagram.com/v1/users/self/
    delimiter: +

这是Spring提出的要求:

https://api.instagram.com/oauth/authorize?client_id=clientId&redirect_uri=http://localhost:8080/login/instagram&response_type=code&state=CG6mMQ

如何将response_type更改为&response_type=token,我怎么能为Spring添加范围?

这是App类:

@SpringBootApplication
@EnableOAuth2Client
public class App extends WebSecurityConfigurerAdapter {

    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    public static void main(String[] args) throws Exception {
        SpringApplication.run(App.class, args);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**")
                .authorizeRequests()
                .antMatchers("/", "/login**", "/webjars/**")
                .permitAll()
                .anyRequest()
                .authenticated().and().exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
                // logout
                .and().logout().logoutSuccessUrl("/").permitAll()
                // CSRF
                .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                // filters
                .and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    }

    private Filter ssoFilter() {
        CompositeFilter filter = new CompositeFilter();
        List<Filter> filters = new ArrayList<>();

        // facebook ...
        // google ...

        // instagram
        OAuth2ClientAuthenticationProcessingFilter instagramFilter =
                new OAuth2ClientAuthenticationProcessingFilter("/login/instagram");
        OAuth2RestTemplate instagramTemplate =
                new OAuth2RestTemplate(instagram(), oauth2ClientContext);
        instagramFilter.setRestTemplate(instagramTemplate);
        instagramFilter.setTokenServices(
                new UserInfoTokenServices(instagramResource().getUserInfoUri(), instagram().getClientId()));
        filters.add(instagramFilter);

        filter.setFilters(filters);
        return filter;
    }

    @Bean
    @ConfigurationProperties("instagram.client")
    public AuthorizationCodeResourceDetails instagram() {
        return new AuthorizationCodeResourceDetails();
    }

    @Bean
    @ConfigurationProperties("instagram.resource")
    public ResourceServerProperties instagramResource() {
        return new ResourceServerProperties();
    }

    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(
            OAuth2ClientContextFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }
}

2 个答案:

答案 0 :(得分:0)

  

如何将response_type更改为&amp; response_type = token

在我阅读代码时,AuthorizationCodeAccessTokenProvider‘s response_type是硬代码。

private UserRedirectRequiredException getRedirectForAuthorization(AuthorizationCodeResourceDetails resource,
            AccessTokenRequest request) {

        // we don't have an authorization code yet. So first get that.
        TreeMap<String, String> requestParameters = new TreeMap<String, String>();
        requestParameters.put("response_type", "code"); // oauth2 spec, section 3

因此,如果您想更改response_code,可以扩展AuthorizationCodeAccessTokenProvider,或实现AccessTokenProvider,然后注入OAuth2RestTemplate accessTokenProvider(默认值为AccessTokenProviderChain,其中包含AuthorizationCodeAccessTokenProviderResourceOwnerPasswordAccessTokenProvider等,请使用您自己的提供程序而不是AuthorizationCodeAccessTokenProvider)。

或者您可以更改redirectStrategy中的OAuth2ClientContextFilter,并在重定向时更改请求参数,但我不建议这样做。

  

我怎么能为Spring添加范围?

AuthorizationCodeAccessTokenProvider将从AuthorizationCodeResourceDetails获取范围,并将其添加到UserRedirectRequiredException。我认为范围不能注入AuthorizationCodeResourceDetails,因为范围不在客户端下。也许你需要改变它。

instagram:
  client:
    clientId: clientId
    clientSecret: clientSeret
    accessTokenUri: https://api.instagram.com/oauth/access_token
    userAuthorizationUri: https://api.instagram.com/oauth/authorize
    clientAuthenticationScheme: form
    scope:
      - basic
      - public_content

答案 1 :(得分:0)

您可以从var crmUpdate = new List<CrmPartPrice>访问查询参数。因此,在抛出异常并因此导致重定向发生的代码中,例如,在您的过滤器中,您可以执行以下操作:

UserRedirectRequiredException

您只能以这种方式替换值。如果您需要在现有值旁边添加参数值,则需要使用&#39; +&#39;等分隔符。没有添加多个参数值的标准方法,这取决于API所有者接受的内容。某些API可能根本不接受分隔符。