我配置了授权服务器,可以向其发送以下请求:
curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTExMDg0LCJleHAiOjE1NDE1MTQ2ODR9.90fZX0wjd0YH4ooosjBNvzmYM3tsusULl5GyBYy8B9wEexW_tu2yBS8ZEIbotwqDUryZkPxXFt5qqJvOjiVVAQ" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST
HTTP/1.1 200
Set-Cookie: JSESSIONID=1E87C912487850BE2DE6C71343C35E6E; Path=/api; HttpOnly
Cache-Control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 571
Date: Tue, 06 Nov 2018 14:20:15 GMT
<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>
现在,我想验证该表单,即伪单击其Authorize
按钮。
由此,我希望收到一个响应,该响应是对回调URL的重定向。
我尝试给它提供user_oauth_approval
表单参数,但没有帮助:
$ curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTExMDg0LCJleHAiOjE1NDE1MTQ2ODR9.90fZX0wjd0YH4ooosjBNvzmYM3tsusULl5GyBYy8B9wEexW_tu2yBS8ZEIbotwqDUryZkPxXFt5qqJvOjiVVAQ" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST -d "{ \"user_oauth_approval\" : \"true\" }"HTTP/1.1 200
Set-Cookie: JSESSIONID=BDB2B137C9A6E10B3E802A8AF9E705C8; Path=/api; HttpOnly
Cache-Control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 571
Date: Tue, 06 Nov 2018 14:15:59 GMT
<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>[stephane@stephane-ThinkPad-X201 user-rest (master)]
我尝试将JSESSIONID
cookie传递给它,但它也没有帮助:
curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTE5OTU5LCJleHAiOjE1NDE1MjM1NTl9.vcUtEhLDLF5vpeMofwQ9k2rKgZzo52l2nuCN7GZ04D4ZCMXpckS5mwEoROZ5CqucjoTJEDHg-CwSDH4HcM0Xtw" -H "Cookie: JSESSIONID=D7A7AE9A76C46AA49FA928979BEB5FF6" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST -d "{ \"user_oauth_approval\" : \"true\" }"
HTTP/1.1 200
Set-Cookie: JSESSIONID=43D30521A2C3F8EF66D0F5B655DEFAF5; Path=/api; HttpOnly
Cache-Control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 571
Date: Tue, 06 Nov 2018 16:01:21 GMT
<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>
我还尝试添加提交元素数据:
curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTE5OTU5LCJleHAiOjE1NDE1MjM1NTl9.vcUtEhLDLF5vpeMofwQ9k2rKgZzo52l2nuCN7GZ04D4ZCMXpckS5mwEoROZ5CqucjoTJEDHg-CwSDH4HcM0Xtw" -H "Cookie: JSESSIONID=D7A7AE9A76C46AA49FA928979BEB5FF6" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST -d "{ \"user_oauth_approval\" : \"true\", \"authorize\" : \"Authorize\" }"
但是仍然是相同的响应。
我也使用请求尝试了httpie:
$ http -f POST http://localhost:8080/api/auth/authorize client_id=="ng-zero" redirect_uri=="http://localhost:4200/callback" state=="DCEeFWf45A53sdfKef424" response_type=="code" scope=="read_profile" "Accept:application/json" "Content-Type:application/json" "Authorization:Bearer $TOKEN" "Cookie:JSESSIONID=8D6D0C673961FB6DDB5F94DB1AC93EC7; Path=/api; HttpOnly" user_oauth_approval="true" authorize="Authorize"
HTTP/1.1 200
Cache-Control: no-store
Content-Language: en
Content-Length: 571
Content-Type: text/html;charset=UTF-8
Date: Wed, 07 Nov 2018 13:53:23 GMT
Set-Cookie: JSESSIONID=5CB863D4C5F594E05D9E0C5422DE3B9A; Path=/api; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>
但这是同样的问题。
提供上一个请求的JSESSIONID
值不会提交表单,而是再次显示。
如何再次使用curl
提交此表单?