我使用 spring oauth2-authorization-server 1.2.2 我通过 POST 调用 http://localhost:9000/oauth2/token?grant_type=client_credentials&scope=read&client_id=client_a&client_secret=secret
它告诉我访问被拒绝。
这是我的配置
@Configuration
@EnableWebSecurity
@Import(OAuth2AuthorizationServerConfiguration.class)
public class AuthorizationServerConfig {
@Bean
public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
throws Exception {
http
.csrf(Customizer.withDefaults())
.authorizeHttpRequests((authorize) -> authorize
.requestMatchers("/oauth2/**").permitAll()
);
return http.build();
}
@Bean
public OAuth2AuthorizationService authorizationService() {
return new InMemoryOAuth2AuthorizationService();
}
@Bean
public RegisteredClientRepository registeredClientRepository() {
RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
.clientId("client-a")
.clientSecret("secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_JWT)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.redirectUri("http://127.0.0.1:8080/index")
.scope("read")
.clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
.build();
return new InMemoryRegisteredClientRepository(registeredClient);
}
@Bean
public JWKSource<SecurityContext> jwkSource() {
RSAKey rsaKey = Jwks.generateRsa();
JWKSet jwkSet = new JWKSet(rsaKey);
return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
}
@Bean
public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
}
@Bean
public AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().build();
}
}
我的配置有问题吗?我配置了访问权限。
Spring 授权服务器拒绝令牌请求中的查询参数。 请求必须在 POST 请求正文中发送参数。
此外,注册客户必须设置
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
Spring 授权服务器验证 POST 正文中的 client_id 和 client_secret 参数。