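I am trying to refresh tokens.
1) Does asymmetric signing of JWT tokens support issuing refresh tokens?
2) Why does my authorization server not issue a refresh token with the following configuration?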
    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServiceConfig extends AuthorizationServerConfigurerAdapter {
        ...
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            TokenEnhancerChain chain = new TokenEnhancerChain();
            chain.setTokenEnhancers(Arrays.asList(tokenEnhancer, accessTokenConverter()));
            endpoints
                .authenticationManager(authenticationManager)
                .tokenStore(jwtTokenStore())
                .tokenEnhancer(chain)
                .accessTokenConverter(accessTokenConverter())
                .reuseRefreshTokens(false);
        }

        // Asymmetric key signing
        @Bean
        public JwtAccessTokenConverter accessTokenConverter() {
            JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
                keyPairGenerator.initialize(1024, random);
                KeyPair keyPair = keyPairGenerator.generateKeyPair();
                jwtAccessTokenConverter.setKeyPair(keyPair);
            } catch (Exception e) {
                e.printStackTrace();
            }
            return jwtAccessTokenConverter;
        }

        @Bean
        public JwtTokenStore jwtTokenStore() {
            return new JwtTokenStore(accessTokenConverter());
        }

        @Bean
        @Primary
        public DefaultTokenServices tokenServices() {
            DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
            defaultTokenServices.setTokenStore(jwtTokenStore());
            defaultTokenServices.setSupportRefreshToken(true);
            return defaultTokenServices;
        }
    }
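The authorization server optionally issues a refresh token when it issues an access token. The grant types an authorization server may support are: authorization_code, password, client_credentials, implicit, or refresh_token. By default, a Spring OAuth2 Boot application provides client support for all of the grant type flows listed above. As long as you provide an AuthorizationServerConfigurerAdapter implementation, we need to specify the grant types for the client by overriding configure(ClientDetailsServiceConfigurer clients) of the AuthorizationServerConfigurerAdapter class, as in the following example: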
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("your_client_id")
            .secret("your_client_secret_encoded")
            .authorizedGrantTypes("client_credentials", "refresh_token") // <-- here
            .scopes("user_info")
            .redirectUris(uri_1, uri_2, uri_n);
    }
So you will get the access token and the refresh token right away.
Useful material: read
See the solution in the second comment.
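An added example, not code from the question or the answer: a minimal authorization server that issues refresh tokens with asymmetric JWT signing. With JwtTokenStore the refresh token is itself a JWT signed by the same key, so the key pair here is loaded from a keystore instead of being regenerated at every startup. The client id, secret, keystore file, alias and password are placeholders, and the password grant and a 2048-bit RSA key in the keystore are assumptions.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.*;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.*;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.store.*;

@Configuration
@EnableAuthorizationServer
public class RefreshTokenAuthServerConfig extends AuthorizationServerConfigurerAdapter {
    @Autowired private AuthenticationManager authenticationManager;
    @Autowired private UserDetailsService userDetailsService;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("demo-client")                      // placeholder client id
            .secret("{bcrypt}REPLACE_WITH_ENCODED_SECRET")  // placeholder, store encoded
            // "refresh_token" must be listed or no refresh token is issued
            .authorizedGrantTypes("password", "refresh_token")
            .scopes("user_info");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints
            .authenticationManager(authenticationManager) // enables the password grant
            .userDetailsService(userDetailsService)       // re-checks the user on refresh
            .tokenStore(jwtTokenStore())
            .accessTokenConverter(accessTokenConverter())
            .reuseRefreshTokens(false);                   // rotate the refresh token on use
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        // Stable signing key: tokens issued before a restart still verify afterwards.
        // Keystore name, password and alias are placeholders (assumed 2048-bit RSA).
        KeyStoreKeyFactory keys = new KeyStoreKeyFactory(
            new ClassPathResource("jwt-signing.jks"), "changeit".toCharArray());
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setKeyPair(keys.getKeyPair("jwt-signing"));
        return converter;
    }

    @Bean
    public JwtTokenStore jwtTokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }
}
```

Spring Security OAuth2's ClientCredentialsTokenGranter strips the refresh token from its response by default, which is why this example uses the password grant.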