这是我的应用程序属性文件:
spring.security.oauth2.client.registration.myclient.client-id=SampleClientId
spring.security.oauth2.client.registration.myclient.client-secret=secret
spring.security.oauth2.client.provider.myclient.authorization-uri=http://localhost:8081/auth/oauth/authorize
spring.security.oauth2.client.provider.myclient.token-uri=http://localhost:8081/auth/oauth/token
spring.security.oauth2.client.provider.myclient.user-info-uri=http://localhost:8081/auth/user/me
spring.security.oauth2.client.registration.myclient.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.myclient.redirect-uri=http://localhost:8080/hellouser
spring.security.oauth2.client.provider.myclient.userNameAttribute=user
这是我的配置类:
@Configuration class SecurityConfig extends WebSecurityConfigurerAdapter {
@throws[Exception]
override protected def configure(http: HttpSecurity): Unit = {
http.authorizeRequests.anyRequest.authenticated.and.oauth2Login
.redirectionEndpoint()
.baseUri("/")
}
}
和这个我的控制器:
case class Message(val string: String)
@Controller
class SuccessController {
@GetMapping(path = Array("/hellouser"), produces = Array(MediaType.APPLICATION_JSON_VALUE))
def getHelloUser(model: Model, authentication: OAuth2AuthenticationToken ): Message = {
Message("hello user")
}
}
当我登录时,我返回ERR_TOO_MANY_REDIRECTS
在开发者控制台的网络部分,我看到这三个调用被无限地重复:
我做错了什么?
谢谢
请勿将您的重定向URI设置为API。
授权码流中的重定向URI用于拾取授权码,因此可以将其交换为令牌。
您的设置中发生的是
/helloworld
https://auth0.com/docs/flows/concepts/auth-code具有这种视觉效果,您没有进入步骤4,而是将流程短路回到步骤1
您的配置使auth代码流从未完成。您应该只保留Spring默认重定向URI并删除spring.security.oauth2.client.registration.myclient.redirect-uri=http://localhost:8080/hellouser
也无需设置redirectionEndpoint#baseUri
配置。