我正在尝试设置一个基于 oauth 2.0 的网络客户端,本质上是一个应用程序到应用程序身份验证作为 Oauth2 客户端。
由于这是一个两步过程 - 令牌 https://
status = {HttpResponseStatus@8335} "302 "
version = {HttpVersion@8336} "HTTP/1.1"
headers = {DefaultHttpHeaders@8309} "DefaultHttpHeaders[Connection: keep-alive, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Date: Mon, 10 May 2021 09:37:31 GMT, Expires: 0, Location: https://<my-domain>/login, Pragma: no-cache, Strict-Transport-Security: max-age=31536000 ; includeSubDomains, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-XSS-Protection: 1; mode=block, X-Cache: Miss from cloudfront, Via: 1.1 4c6f3dc807d213a0da966381e4886b08.cloudfront.net (CloudFront), X-Amz-Cf-Pop: MIA3-C2, X-Amz-Cf-Id: GMe-UuqqIXTkD1LZuES7LYQAgLWizBsN8RJ1ieGarEj6mEst9gLKbg==, content-length: 0]"
decoderResult = {HttpMessageDecoderResult@8337} "success"
我的基于 Oauth2 的网络客户端设置 ::
@Bean
WebClient getAppDevOauth2WebClient(ReactiveOAuth2AuthorizedClientManager reactiveOAuth2AuthorizedClientManager) {
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
new ServerOAuth2AuthorizedClientExchangeFilterFunction(reactiveOAuth2AuthorizedClientManager);
// (optional) explicitly opt into using the oauth2Login to provide an access token implicitly
// oauth.setDefaultOAuth2AuthorizedClient(true);
oauth.setAuthorizationFailureHandler((oAuth2AuthorizationException,principal,attr) -> {
LOG.error("oAuth2AuthorizationException : {} and principal : {} and attr :{}"
, oAuth2AuthorizationException.getMessage(), principal.getName(),attr.toString());
return null;
});
oauth.setDefaultClientRegistrationId("auth0");
return WebClient.builder()
.filter(oauth)
.filter(logRequest())
.build();
}
@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
ReactiveClientRegistrationRepository clientRegistrationRepository,
ReactiveOAuth2AuthorizedClientService authorizedClientService) {
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.refreshToken()
.clientCredentials()
.build();
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager =
new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientService);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
这是我使用此 Oauth2“启用”Webclient 异常从服务类进行调用时得到的最后一个异常:org.springframework.security.oauth2.client.ClientAuthorizationException: [invalid_token_response] Empty OAuth 2.0 Access Token Response
spring:
security:
oauth2:
client:
provider:
auth0:
token-uri: https://<my-domain>/oauth/token/
registration:
auth0:
client-id: my-client-id
client-secret: my-client-secret
authorization-grant-type: client_credentials
这是我得到的最后一个例外,而获取实际不记名令牌的中间步骤是给我 302 状态代码,而没有真正的 Oauth2 不记名令牌。请帮助我就此处可能存在的问题提供一些建议。
当我尝试使用相同的凭据并使用 Oauth2RestTemplate 进行设置时,它工作正常,让我使用生成的 Bearer 令牌进行 Rest Client 调用。