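I'm developing an OAuth2 Spring Boot application (based on https://www.baeldung.com/spring-security-oauth-jwt), and when I request the token, the response is the following:

    {"access_token":"eyJhb.....","token_type":"bearer","refresh_token":"eyJhb.....","expires_in":43199,"scope":"foo read write","Claim 1":"Info claim 1","Claim 2":"Info claim 2","jti":"22c535eb-16f5-4bc5-bda4-6026b2183381"}

The access token itself is correct (with the custom claims inside), but the claims are also included in the response body. Is this correct? How can I remove them?

This is the authorization class: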
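
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.context.annotation.Primary;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
    import org.springframework.security.oauth2.provider.token.TokenEnhancer;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

    @Configuration
    @EnableAuthorizationServer
    public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.tokenServices(tokenServices())
                     .authenticationManager(authenticationManager);
        }

        // some clients are created here

        @Bean
        public TokenStore tokenStore() {
            return new InMemoryTokenStore();
        }

        @Bean
        public TokenEnhancer tokenEnhancer() {
            return new CustomTokenEnhancer();
        }

        // Token services wired with the in-memory store and the custom enhancer
        @Bean
        @Primary
        public DefaultTokenServices tokenServices() {
            DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
            defaultTokenServices.setTokenStore(tokenStore());
            defaultTokenServices.setTokenEnhancer(tokenEnhancer());
            defaultTokenServices.setSupportRefreshToken(true);
            return defaultTokenServices;
        }
    }
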
This is the Enhancer class:
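
    import java.util.HashMap;
    import java.util.Map;

    import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
    import org.springframework.security.oauth2.common.OAuth2AccessToken;
    import org.springframework.security.oauth2.provider.OAuth2Authentication;
    import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

    public class CustomTokenEnhancer extends JwtAccessTokenConverter {

        public CustomTokenEnhancer() {
            // HMAC key used to sign the JWT (hard-coded in this example)
            super.setSigningKey("123");
        }

        @Override
        public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
            // Custom claims attached to the token as additional information
            Map<String, Object> additionalInfo = new HashMap<>();
            additionalInfo.put("Claim 1", "Info claim 1");
            additionalInfo.put("Claim 2", "Info claim 2");
            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
            // The parent class encodes the token, including the additional information, as a JWT
            return super.enhance(accessToken, authentication);
        }
    }
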
Thanks in advance.
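
As an added example (not part of the original post, and not code from the Baeldung tutorial): one way to keep the custom claims inside the signed JWT while leaving them out of the token endpoint's JSON response is to remove them from the additional-information map after `super.enhance(...)` has encoded the token. The class name `ResponseTrimmingTokenEnhancer` and the constructor-supplied signing key are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

// Hypothetical replacement for the post's CustomTokenEnhancer (illustration only).
public class ResponseTrimmingTokenEnhancer extends JwtAccessTokenConverter {

    // Assumption: the HMAC key is passed in by the caller, e.g. from configuration.
    public ResponseTrimmingTokenEnhancer(String signingKey) {
        setSigningKey(signingKey);
    }

    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        // 1. Attach the custom claims so the parent class encodes them into the JWT.
        Map<String, Object> claims = new HashMap<>();
        claims.put("Claim 1", "Info claim 1");
        claims.put("Claim 2", "Info claim 2");
        DefaultOAuth2AccessToken withClaims = new DefaultOAuth2AccessToken(accessToken);
        withClaims.setAdditionalInformation(claims);

        // 2. The parent signs the JWT. The token it returns still carries the
        //    additional-information map (claims plus "jti"), and that map is
        //    what gets serialized as top-level fields of the token response.
        DefaultOAuth2AccessToken signed =
                new DefaultOAuth2AccessToken(super.enhance(withClaims, authentication));

        // 3. Drop only the custom keys from the response map; "jti" stays.
        Map<String, Object> responseInfo = new LinkedHashMap<>(signed.getAdditionalInformation());
        responseInfo.keySet().removeAll(claims.keySet());
        signed.setAdditionalInformation(responseInfo);
        return signed;
    }
}
```

The claims remain readable to anyone holding the token, because a signed JWT payload is only base64url-encoded; trimming the response changes what the token endpoint echoes, not what the token discloses.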