I am developing an SSO application with Spring OAuth2 SSO. I use Azure AD as the OAuth2 provider; it performs signing key rollover and publishes its public keys through the JWKS URI (from the OpenID configuration), as shown below. Is there a way to do token validation in Spring OAuth2 SSO?
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "9FXDpbfMFT2SvQuXh846YTwEIBw",
      "x5t": "9FXDpbfMFT2SvQuXh846YTwEIBw",
      "n": "kvt1VmR4nwkNM8jMU0wmj2gSS8NznbOt2pZI6Z7HQT_esF7W19GZR7Y72Xo1i5zXRDM9o3GeTIjBrnr3yy41Q_EaUQ7C-b-Hmg94Vy7EBZyBhi_mznz0dYWs2MIXwR86Nni9TmgTXvjgTPF2YGJoZt4TwcMFefW8rijCVyNrCBA0XspDouNJavvG0BEMXYigoThFjLRXS5U3h4BDfNZFZZS3dyliNOXfgRn2k7oITz8h_ueiPvmDRFh38AeQgx1cELhKWc3P5ugtttraSwgH7nP2NUguO9nCrHuL6TZ-KWpmRWZqwH-jYKFQVt3CDpzwNM6XJL-oHbl1x-gI3YYX5w",
      "e": "AQAB",
      "x5c": [
        "MIIDBTCCAe2gAwIBAgIQZSAeaqWig4BHC1ksmNNcgjANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDUwNjAwMDAwMFoXDTE5MDUwNzAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJL7dVZkeJ8JDTPIzFNMJo9oEkvDc52zrdqWSOmex0E/3rBe1tfRmUe2O9l6NYuc10QzPaNxnkyIwa5698suNUPxGlEOwvm/h5oPeFcuxAWcgYYv5s589HWFrNjCF8EfOjZ4vU5oE1744EzxdmBiaGbeE8HDBXn1vK4owlcjawgQNF7KQ6LjSWr7xtARDF2IoKE4RYy0V0uVN4eAQ3zWRWWUt3cpYjTl34EZ9pO6CE8/If7noj75g0RYd/AHkIMdXBC4SlnNz+boLbba2ksIB+5z9jVILjvZwqx7i+k2filqZkVmasB/o2ChUFbdwg6c8DTOlyS/qB25dcfoCN2GF+cCAwEAAaMhMB8wHQYDVR0OBBYEFGKpXQNrF5IoxS6bL4F92+gxOJlIMA0GCSqGSIb3DQEBCwUAA4IBAQA3HgW5SoHlvvQVxqqi+mtscDZLhNfe13iG/nx8Er5il82b79RVydNs+f9sYxc4T4ctnrZu7x5e7jInJedNdAlrPorBdw+SfvKJsmiNndXugMew1FlcQTQVIFDCbziaJav8rKyMxPfeKkc1aixbajWZkKg6OPmmJn2ceTocbn8PMQy20xNvcWUwgF5FZZIuPqu6feOLJcUIYw+0JFZ265xka30QXpmytcIxajIzpD4PRdCIBuVSqgXacAs4t4+w+OhnosD72yvXck8M4GwX1j+vcuyw0yhDGNMmqsHWP7H3jnJiGDrKhhdVyplzDhTfv2Whbv/dIDn+meLE3yyC5yGL"
      ]
    },
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "VWVIc1WD1Tksbb301sasM5kOq5Q",
      "x5t": "VWVIc1WD1Tksbb301sasM5kOq5Q",
      "n": "wxZQBChCrsCnhy-U6jWszJNnpSwYM3nmF7iwBkp0Qa57Wz7XQLnhUucZe_YkEJg6hJg16XAbZ_3oZnwLqQVlArfu5ldP9IdgOgPJYFGZXamE0v3BFtf1K2leiHqfmt06zJ2NhHCQ5p2yRzrrMV23kjK5bz8a_gQsdkIkBW7qE9TbJFU5D3zPk-sbJi7SIOLx5XRI6eFwu4z1IGooBbNiRopDEdcQizJqH_7PQJuBBk-a-ntI05mZaEZ2nbo8DDu046TEkqA2IRJ1FIvvdxrAi5NQ6E6YcYulNWxUaxBD2e42f9jmhBTBYknN23p3QEmRWvhgFRyDoK-M5XFw1H0mbw",
      "e": "AQAB",
      "x5c": [
        "<x5c certificate omitted>"
      ]
    },
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "2S4SCVGs8Sg9LS6AqLIq6DpW-g8",
      "x5t": "2S4SCVGs8Sg9LS6AqLIq6DpW-g8",
      "n": "oZ-QQrNuB4ei9ATYrT61ebPtvwwYWnsrTpp4ISSp6niZYb92XM0oUTNgqd_C1vGN8J-y9wCbaJWkpBf46CjdZehrqczPhzhHau8WcRXocSB1u_tuZhv1ooAZ4bAcy79UkeLiG60HkuTNJJC8CfaTp1R97szBhuk0Vz5yt4r5SpfewIlBCnZUYwkDS172H9WapQu-3P2Qjh0l-JLyCkdrhvizZUk0atq5_AIDKRU-A0pRGc-EZhUL0LqUMz6c6M2s_4GnQaScv44A5iZUDD15B6e8Apb2yARohkWmOnmRcTVfes8EkfxjzZEzm3cNkvP0ogILyISHKlkzy2OmlU6iXw",
      "e": "AQAB",
      "x5c": [
        "<x5c certificate omitted>"
      ]
    }
  ]
}
Answer 0 (score: 0)
According to the description, you implemented an OAuth 2.0 provider using Azure AD and Spring Security OAuth.
As I understand it, the provider role in OAuth 2.0 is actually split between the authorization service and the resource service. If you only obtain tokens in your application and send them to resources protected by Azure AD, you do not need to validate the token. For example, your web application implements the OAuth 2.0 provider so that users can obtain an access token for Microsoft Graph from Azure AD, and then your web application can call Microsoft Graph with this access token. Microsoft Graph will validate the access token.
If you also implement the resource service and protect it with Azure AD via Spring Security OAuth, then you need to implement the validation of the token and handle key rollover.
You can refer to this link to validate the access token manually. For more details about Spring OAuth2 development, you can refer to the following links:
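As an added illustration (not code from the question, the answer, or Spring Security), here is the key-rollover handling the answer refers to, written as language-neutral logic in Python: a JWKS cache keyed by kid, a rate-limited re-fetch when an unknown kid arrives, conversion of a JWK's n/e into the integers a verifier needs, and an alg-pinned kid lookup from the JWT header. `fetch_jwks`, `STATE`, `JWKS_OLD`/`JWKS_NEW` and the tiny `n` values are constructed stand-ins for the real endpoint and keys; the first kid is the one from the question's JWKS document.

```python
import base64
import json

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))  # JWK/JWT use unpadded base64url

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def jwk_to_rsa_numbers(jwk):
    # big-endian unsigned integers, as any RSA verifier expects the modulus and exponent
    return (int.from_bytes(b64url_decode(jwk["n"]), "big"),
            int.from_bytes(b64url_decode(jwk["e"]), "big"))

def kid_from_jwt(token):
    header = json.loads(b64url_decode(token.split(".")[0]))
    if header.get("alg") != "RS256":            # pin the algorithm before trusting the header
        raise ValueError("unexpected alg %r" % header.get("alg"))
    return header["kid"]

class JwksKeyResolver:
    # caches the JWKS and re-fetches when an unknown kid appears (signing key rollover)
    def __init__(self, fetch_jwks, min_refresh_interval=300.0):
        self._fetch = fetch_jwks                # callable returning the parsed JWKS dict
        self._keys, self._last_refresh = {}, float("-inf")
        self.min_refresh_interval = min_refresh_interval

    def _refresh(self, now):
        self._keys = {k["kid"]: k for k in self._fetch()["keys"]
                      if k.get("kty") == "RSA" and k.get("use", "sig") == "sig"}
        self._last_refresh = now

    def resolve(self, kid, now):
        # now: caller's clock in seconds (time.time()); passed in so the logic is testable
        if not self._keys: self._refresh(now)
        if kid in self._keys:
            return self._keys[kid]
        # unknown kid is usually a rollover; refresh at most once per interval so a stream
        # of forged kids cannot turn every request into a JWKS fetch
        if now - self._last_refresh >= self.min_refresh_interval:
            self._refresh(now)
            if kid in self._keys:
                return self._keys[kid]
        raise KeyError("no RSA signing key with kid %r" % kid)

# constructed sample: STATE["doc"] is what the "endpoint" currently serves; swap it to simulate rollover
OLD_KID, NEW_KID = "9FXDpbfMFT2SvQuXh846YTwEIBw", "constructed-kid-after-rollover"
JWKS_OLD = {"keys": [{"kty": "RSA", "use": "sig", "kid": OLD_KID, "n": "Af__", "e": "AQAB"}]}
JWKS_NEW = {"keys": JWKS_OLD["keys"] + [{"kty": "RSA", "use": "sig", "kid": NEW_KID, "n": "Ae__", "e": "AQAB"}]}
STATE = {"doc": JWKS_OLD}
fetch_jwks = lambda: STATE["doc"]
```

The resolved JWK still has to be handed to a real RSA verifier (in Spring, the JWT decoder's key selector) together with issuer, audience and expiry checks; this block only shows how the key for a given kid is found and refreshed across a rollover.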