Question

现在我正在使用下一个配置：

@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(mAppConfig.dataSource())
                .withClient("virto")
                .secret("secret")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token");
    }
}

需要发送client_id, client_secret, username, password ...但我需要为仅拥有access_token和client_id的受信任服务器提供client_secret ...我该如何制作它？有可能吗？

Answer 1

您需要的是使用client_credentials grant配置客户端

@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(mAppConfig.dataSource())
                .withClient("virto")
                .secret("secret")
                .authorizedGrantTypes("client_credentials");
    }
}

要获取令牌，您需要发送一个帖子请求，其凭据为64位编码。

POST http://localhost:8080/paymentiq/oauth/token?grant_type=client_credentials -h 'Authorization: [clientId:secret]'

如何通过client_id和secret仅在Spring OAuth2中进行授权？

1 个答案: