How to separate the access token and refresh token endpoints in Spring Security OAuth2

Question description Votes: 2 Answers: 1

In Spring Security OAuth2, obtaining an access token and refreshing a token use the same endpoint, '/oauth/token', and are distinguished by the grant_type parameter 'code' or 'refresh_token'.

        if (isAuthCodeRequest(parameters)) {
            // The scope was requested or determined during the authorization step
            if (!tokenRequest.getScope().isEmpty()) {
                logger.debug("Clearing scope of incoming token request");
                tokenRequest.setScope(Collections.<String> emptySet());
            }
        }

        if (isRefreshTokenRequest(parameters)) {
            // A refresh token has its own default scopes, so we should ignore any added by the factory here.
            tokenRequest.setScope(OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.SCOPE)));
        }

But I want to split this endpoint into two, for example 'oauth/access_token' for obtaining an access token and 'oauth/refresh_token' for refreshing the access token. How can I do that?

I tried writing my own custom endpoint class and registering a bean to override the default TokenEndpoint, but it doesn't seem to work.

java spring oauth-2.0 spring-security-oauth2
1 Answer
0
votes

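You can create two REST controller methods, one for the access token and one for the refresh token, and use a REST template inside each controller method to make a standard call to the oauth/token endpoint.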

@RestController
public class TokenController {

    @RequestMapping("oauth/access_token")
    public TokenResponse getAccessToken() {
        //use rest template or httpclient to call to oauth/token and return converted TokenResponse
    }

    @RequestMapping("oauth/refresh_token")
    public TokenResponse getRefreshToken() {
        //use rest template or httpclient to call to oauth/token and return converted TokenResponse
    }
}
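
One way to fill in the two controller methods from the answer above, as an added example that is not part of the original answer: each route fixes its own grant_type before forwarding to the built-in token endpoint, and OAuth2 error responses are relayed with their upstream status. The names `SplitTokenController` and `TOKEN_URL`, the localhost address, and the use of HTTP Basic client authentication passed through in the Authorization header are assumptions.

```java
import java.util.Map;
import org.springframework.http.*;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.HttpStatusCodeException;
import org.springframework.web.client.RestTemplate;

@RestController
public class SplitTokenController {

    // Assumption: address of the unchanged built-in token endpoint.
    private static final String TOKEN_URL = "http://localhost:8080/oauth/token";
    private final RestTemplate restTemplate = new RestTemplate();

    @PostMapping("/oauth/access_token")
    public Map<?, ?> accessToken(@RequestHeader(HttpHeaders.AUTHORIZATION) String clientAuth,
                                 @RequestParam("code") String code,
                                 @RequestParam("redirect_uri") String redirectUri) {
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "authorization_code"); // fixed by the route, never taken from the caller
        form.add("code", code);
        form.add("redirect_uri", redirectUri);
        return forward(clientAuth, form);
    }

    @PostMapping("/oauth/refresh_token")
    public Map<?, ?> refreshToken(@RequestHeader(HttpHeaders.AUTHORIZATION) String clientAuth,
                                  @RequestParam("refresh_token") String refreshToken) {
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "refresh_token"); // fixed by the route, never taken from the caller
        form.add("refresh_token", refreshToken);
        return forward(clientAuth, form);
    }

    private Map<?, ?> forward(String clientAuth, MultiValueMap<String, String> form) {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.set(HttpHeaders.AUTHORIZATION, clientAuth); // client credentials pass through unchanged
        return restTemplate.postForObject(TOKEN_URL, new HttpEntity<>(form, headers), Map.class);
    }

    // Relay OAuth2 errors (e.g. invalid_grant) with the upstream status instead of a generic 500.
    @ExceptionHandler(HttpStatusCodeException.class)
    public ResponseEntity<String> relayError(HttpStatusCodeException e) {
        return ResponseEntity.status(e.getStatusCode())
                .contentType(MediaType.APPLICATION_JSON)
                .body(e.getResponseBodyAsString());
    }
}
```

The built-in /oauth/token stays reachable alongside the two new routes, so restrict direct access to it if callers must be held to the split. The new routes also have to be permitted by the application's own security configuration, since client authentication happens at the forwarded call.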