与使用client_credentials配置的OAuth2AuthorizedClient关联的principalId是什么？

Question

我需要获取oauth2令牌才能放入请求标头中。

我想通过OAuth2AuthorizedClient的{​​{1}}加载Oauth2注册。

我应该相信的OAuth2AuthorizedClientService已配置/可用正在使用client_credentials，因此有OAuth2AuthorizedClient，但没有clientRegistrationId。

我从根本上误会了什么吗？

我以前使用一种更加“手动”的方法来获得Oauth令牌，该方法是我手动构建principalName的。不过，我认为我不必自己构建OAuth2ClientCredentialsGrantRequest：

OAuth2ClientCredentialsGrantRequest

但是我对我的印象是，我应该能够使用// What I WAS doing... @RequiredArgsConstructor @Slf4j class JestOAuth2RequestInterceptor implements HttpRequestInterceptor { private final ClientRegistrationRepository clientRegistrationRepository; private final OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> oAuth2AccessTokenResponseClient; @Override public void process(HttpRequest request, HttpContext context) throws HttpException, IOException { ClientRegistration registration = this.clientRegistrationRepository .findByRegistrationId("elasticsearch); // I don't think this is the best way to do things...? OAuth2ClientCredentialsGrantRequest grantRequest = new OAuth2ClientCredentialsGrantRequest(registration); OAuth2AccessTokenResponse response = oAuth2AccessTokenResponseClient.getTokenResponse(grantRequest); OAuth2AccessToken token = response.getAccessToken(); request.addHeader("Authorization", String.format("Bearer %s", token.getTokenValue())); } } 将其加载为OAuth2AuthorizedClientService并以这种方式获取令牌：

OAuth2AuthorizedClient

最后，我的application.yml看起来像这样：

// What I think I should be able to do:
@Slf4j
@RequiredArgsConstructor
class JestOAuth2RequestInterceptor implements HttpRequestInterceptor {

private final OAuth2AuthorizedClientService oAuth2AuthorizedClientService;

@Override
public void process(HttpRequest request, HttpContext context) throws HttpException, IOException {

    // "principalName" is null because we're using client_credentials grant flow, so
    // there isn't a Principal associated to the client
    OAuth2AuthorizedClient authorizedClient = oAuth2AuthorizedClientService
            .loadAuthorizedClient("elasticsearch", null);

    request.addHeader("Authorization",
            String.format("Bearer %s", authorizedClient.getAccessToken().getTokenValue()));
}

}

当使用spring: security: oauth2: client: provider: myprovider: authorization-uri: ${identity.auth_domain}/oauth/authorize token-uri: ${identity.auth_domain}/oauth/token user-info-uri: ${identity.auth_domain}/userinfo jwk-set-uri: ${identity.auth_domain}/token_keys registration: elasticsearch: client-name: myclientname client-id: myid client-secret: mysecret provider: myprovider authorization-grant-type: client_credentials redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}' ，得到以下情况例外：

OAuth2AuthorizedClient authorizedClient = oAuth2AuthorizedClientService.loadAuthorizedClient("elasticsearch", null);

您会从java.lang.IllegalArgumentException: principalName cannot be empty
 at org.springframework.util.Assert.hasText(Assert.java:284) ~[spring-core-5.1.4.RELEASE.jar!/:5.1.4.RELEASE]
 at org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService.loadAuthorizedClient(InMemoryOAuth2AuthorizedClientService.java:55中看到无法使用OAuth2AuthorizedClient API作为空值创建OAuth2AuthorizedClient……但是由于这是client_credentials授予，因此不存在任何委托人与此相关吗？

https://github.com/spring-projects/spring-security/blob/master/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java#L72

但是，Spring Security参考使我似乎应该能够将OAuth2AuthorizedClient与client_credentials注册类型相关联。

https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2Client-registered-authorized-client

我在这里完全误解了吗？感谢您的宝贵时间。

（使用Spring Boot 2.1.2，Spring Security 5.1.x）