我想授予对将请求发布到我的Webhook的客户端的访问权限。
这是配置我的Oauth2的方式:
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
public static final String CLIENT_ID = "myFirstClient";
@Autowired
private TokenStore tokenStore;
@Autowired
private UserApprovalHandler userApprovalHandler;
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient(CLIENT_ID)
.authorizedGrantTypes("client_credentials", "refresh_token", "implicit")
.authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
.scopes("read", "write", "trust")
.secret("secret")
.accessTokenValiditySeconds(300).//Access token is only valid for 5 minutes.
refreshTokenValiditySeconds(600);//Refresh token is only valid for 10 minutes.
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler)
.authenticationManager(authenticationManager);
}
}
当我收到来自特定域的请求时,不需要它们的访问令牌。
这是客户端发布请求时的端点:
@PostMapping(value = "/verify/webhooks/checks/completed")
public ResponseEntity checkCompleted(@RequestBody String payload) {
}
响应是401,因为客户端没有访问令牌,因为它是第三方API。