我正在努力使用 OAuth2 客户端功能自定义 Spring Boot 3.2.1 应用程序。我正在使用的 API 有一个非标准的必需标头作为令牌请求的一部分。
最终目标是构建一个 WebClient 来与 OAuth 保护的 API 交互。
我有以下application.yml:
spring:
security:
oauth2:
client:
registration:
foobar:
client-authentication-method: client_secret_basic
authorization-grant-type: client_credentials
client-id: xxxxxxxxxx
client-secret: xxxxxxxxxx
provider:
foobar:
token-uri: xxxxxx
到目前为止,我有以下用于构造 WebClient 的配置类:
@Configuration
public class foobarWebClientBeans {
@Bean
public AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager foobarOauth2AuthorizedClientManager(ReactiveClientRegistrationRepository clientRegistrations, ReactiveOAuth2AuthorizedClientService authorizedClientService) {
return new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrations, authorizedClientService);
}
@Bean
public ServerOAuth2AuthorizedClientExchangeFilterFunction foobarServerFilterFunction(AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager foobarOauth2AuthorizedClientManager) {
ServerOAuth2AuthorizedClientExchangeFilterFunction foobarServerFilterFunction = new ServerOAuth2AuthorizedClientExchangeFilterFunction(foobarOauth2AuthorizedClientManager);
foobarServerFilterFunction.setDefaultClientRegistrationId("foobar");
return foobarServerFilterFunction;
}
@Bean
public WebClient foobarWebClient(ServerOAuth2AuthorizedClientExchangeFilterFunction foobarServerFilterFunction) {
return WebClient.builder()
.filter(foobarServerFilterFunction)
.baseUrl("https://foobar.com")
.build();
}
}
foobar
API 需要以下标头来进行令牌请求:FOOBAR UUID: xxxxx
我在 spring 文档中看到以下注释,似乎表明它可以完成,但实际上并没有详细说明:自定义访问令牌请求(文档描述了参数,但也有 headers 的方法)
经过一番挖掘(&反复试验),我找到了如何修改请求。
我必须创建一个新的
ReactiveOAuth2AuthorizedClientProvider
并将其添加到客户管理器中。
之前:
@Bean
public AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager foobarOauth2AuthorizedClientManager(ReactiveClientRegistrationRepository clientRegistrations, ReactiveOAuth2AuthorizedClientService authorizedClientService) {
return new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrations, authorizedClientService);
}
之后:
@Bean
public AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager foobarOauth2AuthorizedClientManager(ReactiveClientRegistrationRepository clientRegistrations, ReactiveOAuth2AuthorizedClientService authorizedClientService) {
WebClientReactiveClientCredentialsTokenResponseClient tokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
tokenResponseClient.addHeadersConverter(source -> {
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.add("FOOBAR UUID", UUID.randomUUID().toString());
return httpHeaders;
});
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
.clientCredentials(configurer -> configurer.accessTokenResponseClient(tokenResponseClient))
.build();
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager foobarOauth2AuthorizedClientManager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrations, authorizedClientService);
foobarOauth2AuthorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return foobarOauth2AuthorizedClientManager;
}