现在我正在使用下一个配置:
@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.jdbc(mAppConfig.dataSource())
.withClient("virto")
.secret("secret")
.authorizedGrantTypes("password", "authorization_code", "refresh_token");
}
}
它需要发送client_id, client_secret, username, password ...但我需要为我信任的服务器提供access_token,只有client_id和client_secret ...我怎么能成功?可能吗?
您需要的是使用client_credentials grant配置客户端
@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.jdbc(mAppConfig.dataSource())
.withClient("virto")
.secret("secret")
.authorizedGrantTypes("client_credentials");
}
}
要获取令牌,您需要发送一个帖子请求,其凭据为64位编码。
POST http://localhost:8080/paymentiq/oauth/token?grant_type=client_credentials -h 'Authorization: [clientId:secret]'