I want to set up multiple ClientRegistrations for use with the same provider. I am using the spring-security sample application. My configuration is as follows:
spring.security.oauth2.client.registration.alpha.client-id=<C_ID>
spring.security.oauth2.client.registration.alpha.client-secret=<C_S>
spring.security.oauth2.client.registration.alpha.client-name=appa application
spring.security.oauth2.client.registration.alpha.provider=kck
spring.security.oauth2.client.registration.alpha.scope=openid,email,profile
spring.security.oauth2.client.registration.alpha.redirect-uri-template={baseUrl}/login/oauth2/code/appa
spring.security.oauth2.client.registration.alpha.client-authentication-method=basic
spring.security.oauth2.client.registration.alpha.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.beta.client-id=<C_ID2>
spring.security.oauth2.client.registration.beta.client-secret=<C_S2>
spring.security.oauth2.client.registration.beta.client-name=appb application
spring.security.oauth2.client.registration.beta.provider=kck
spring.security.oauth2.client.registration.beta.scope=openid,email,profile
spring.security.oauth2.client.registration.beta.redirect-uri-template={baseUrl}/login/oauth2/code/appb
spring.security.oauth2.client.registration.beta.client-authentication-method=basic
spring.security.oauth2.client.registration.beta.authorization-grant-type=authorization_code
spring.security.oauth2.client.provider.kck.authorization-uri=https://accounts.google.com/o/oauth2/v2/auth
spring.security.oauth2.client.provider.kck.token-uri=https://www.googleapis.com/oauth2/v4/token
spring.security.oauth2.client.provider.kck.user-info-uri=https://www.googleapis.com/oauth2/v3/userinfo
spring.security.oauth2.client.provider.kck.user-info-authentication-method=header
spring.security.oauth2.client.provider.kck.jwk-set-uri=https://www.googleapis.com/oauth2/v3/certs
spring.security.oauth2.client.provider.kck.user-name-attribute=sub
The controller is basically a copy of the spring-security sample:
@GetMapping("/")
public String index(Model model,
        @RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient,
        @AuthenticationPrincipal OAuth2User oauth2User) {
    model.addAttribute("userName", oauth2User.getName());
    model.addAttribute("clientName", authorizedClient.getClientRegistration().getClientName());
    model.addAttribute("userAttributes", oauth2User.getAttributes());
    model.addAttribute("accessToken", authorizedClient.getAccessToken());
    // same info, other approach
    // OidcUser principal = (OidcUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    // model.addAttribute("claims", principal.getClaims());
    // profile is null
    // model.addAttribute("profile", principal.getUserInfo());
    return "index_ss";
}
The first client login succeeds, but the second client login returns an error on the redirect /login/oauth2/code/appa:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Mon Jan 21 11:12:21 EET 2019
There was an unexpected error (type=Not Found, status=404).
Not Found
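I expected OAuth2LoginAuthenticationFilter to redirect to "/" successfully. Please help me understand why it does not and how to get it to.
Another question is about the UserInfo endpoint. Although the spring-security README says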
At this point, the OAuth Client retrieves your email address and basic profile information from the UserInfo Endpoint and establishes an authenticated session.
I can comment out the endpoint URL, and the returned user info is still the same. Thanks