登录后白页(代码流+PKCE)
问题描述 投票:0回答:0
我可以看到登录名,但在输入用户名和密码后,它会重定向到 http://localhost:9000/error?continue。
我正在尝试做代码流 + PKCE,我几乎遵循了我从互联网上找到的每一个例子,但仍然做不到。
重现行为的步骤。
- http://本地主机:4200
- 浏览器重定向到oauth登录页面
- 输入凭据
- 重定向到上面的 whitelist 页面
授权服务器在https://github.com/mgonzaga1990/spring-oauth2-angular/tree/main/services/authorization 角度项目在https://github.com/mgonzaga1990/spring-oauth2-angular/tree/main/ui
@Bean
public CorsConfigurationSource corsConfigurationSource(){
var configuration = new CorsConfiguration();
configuration.addAllowedHeader("*");
configuration.addAllowedMethod("*");
configuration.addAllowedOrigin("*");
var source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**",configuration);
return source;
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
// return new BCryptPasswordEncoder();
}
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain asSecurityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
.oidc(Customizer.withDefaults())
.and().cors(Customizer.withDefaults());
return http.build();
}
@Bean
@Order(2)
public SecurityFilterChain appSecurityFilterChain(HttpSecurity http) throws Exception {
// http.authorizeHttpRequests().anyRequest().authenticated();
// return http.build();
http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.anyRequest().authenticated())
.cors(httpSecurityCorsConfigurer -> httpSecurityCorsConfigurer.configurationSource(corsConfigurationSource()))
.formLogin();
return http.build();
}
@Bean
public RegisteredClientRepository registeredClientRepository() {
// var registeredClient = RegisteredClient.withId("e4a295f7-0a5f-4cbc-bcd3-d870243d1b05")
// .clientId("huongdanjava1")
// .clientSecret("secret")
// .scope("read")
// .redirectUri("https://oidcdebugger.com/debug")
// .redirectUri("https://oauthdebugger.com/debug")
// .redirectUri("https://springone.io/authorized")
// .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
// .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
// .tokenSettings(TokenSettings.builder().build())
// .build();
var registeredClient = RegisteredClient.withId("e4a295f7-0a5f-4cbc-bcd3-d870243d1b05")
.clientId("public_client")
.clientSecret("{noop}obscura")
.scope(OidcScopes.OPENID)
.scope(OidcScopes.EMAIL)
.scope(OidcScopes.PROFILE)
.redirectUri("https://oidcdebugger.com/debug")
.redirectUri("https://oauthdebugger.com/debug")
.redirectUri("https://springone.io/authorized")
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.clientSettings(ClientSettings.builder()
.requireAuthorizationConsent(false)
.requireProofKey(true)
.build())
.build();
return new InMemoryRegisteredClientRepository(registeredClient);
}
@Bean
public UserDetailsService userDetailsService() {
UserDetails userDetails = User.withUsername("admin")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(userDetails);
}
@Bean
public AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().build();
}
import { AuthConfig,OAuthService } from 'angular-oauth2-oidc';
export const authCodeFlowConfig: AuthConfig = {
// Url of the Identity Provider
issuer: 'http://localhost:9000',
disablePKCE: false,
sessionChecksEnabled: false,
// URL of the SPA to redirect the user to after login
redirectUri: window.location.origin ,
// The SPA's id. The SPA is registerd with this id at the auth-server
// clientId: 'server.code',
clientId: 'public-client',
// Just needed if your auth server demands a secret. In general, this
// is a sign that the auth server is not configured with SPAs in mind
// and it might not enforce further best practices vital for security
// such applications.
// dummyClientSecret: 'secret',
responseType: 'code',
// set the scope for the permissions the client should request
// The first four are defined by OIDC.
// Important: Request offline_access to get a refresh token
// The api scope is a usecase specific one
scope: 'openid profile email',
showDebugInformation: true,
};
@Injectable({
providedIn: 'root'
})
export class AuthConfigServiceService {
constructor(private readonly oauthService : OAuthService) {
if (!this.oauthService.hasValidIdToken()) {
this.oauthService.configure({
scope: 'openid profile email',
responseType: 'code',
oidc: true,
disablePKCE: false,
sessionChecksEnabled: false,
clientId: 'public-client',
issuer: 'http://localhost:9000', // eg. https://acme-jdo9fs.zitadel.cloud
redirectUri: 'http://localhost:4200/auth/callback',
postLogoutRedirectUri: 'http://localhost:4200/',
requireHttps: false // required for running locally
});
this.oauthService.loadDiscoveryDocument().then(() => {
this.oauthService.initCodeFlow();
});
}
}
}
不确定我遗漏了什么或者这还不支持吗?
图书馆:
"angular-oauth2-oidc": "^15.0.1",
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-authorization-server</artifactId>
<version>1.0.1</version>
</dependency>
源码在我提供的git上
我试过了
最新问题
- Iron Pdf 未加载字体
- 为 statsmodels.iolib.summary.Summary 选择系数行
- 使用驱动 API 如何在不破坏脚本的情况下复制电子表格?
- 如何缓解 Node.js 中的 Slowloris?
- PHP 为curl 创建文件数组
- 405 方法不允许 - 跨源时严格源 IIS8
- 无法修补 PrimeNG p 编辑器组件的值
- 如何使用 next.js 图像组件与 HTML <picture> 元素?
- munmap_chunk():无效指针(核心已转储)
- 如何使用python从内网站点抓取URL数据?
- 如何使用本机反应将鼠标悬停在文本下划线?
- 使用 Google App 脚本设置文件权限
- 跨多个线程向 Swift 数组添加项目会导致问题(因为数组不是线程安全的) - 我该如何解决这个问题?
- 通过 Google Apps 脚本更改文档的权限
- 将特定数字日期转换为显示月份
- 如何将所有子视图移动到新的父视图,同时保持所有约束不变?
- 使用反射将泛型类传递给泛型方法
- 下面的语法中const应该如何使用?
- Apps 脚本不会在提交的 Google 表单中的 Google Sheet 的最后一行数据上停止
- Perl oneliner 可在具有特殊字符的许多不同值上匹配路径中的精确单词
© www.soinside.com 2019 - 2024. All rights reserved.