I am having trouble authenticating through Swagger UI using Azure B2C. The error seems to say that some code_challenge is missing, although that is not something I have been able to find or add manually to my configuration, neither in the Azure config nor in Swagger.
Here is my configuration:
Swagger configuration
// Imports added for completeness; the bean method below belongs in a @Configuration class.
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Info;
import io.swagger.v3.oas.models.security.OAuthFlow;
import io.swagger.v3.oas.models.security.OAuthFlows;
import io.swagger.v3.oas.models.security.Scopes;
import io.swagger.v3.oas.models.security.SecurityScheme;
import io.swagger.v3.oas.models.servers.Server;
import org.springframework.context.annotation.Bean;
import static io.swagger.v3.oas.models.security.SecurityScheme.Type.HTTP;
import static io.swagger.v3.oas.models.security.SecurityScheme.Type.OAUTH2;

@Bean
public OpenAPI openApi() {
    return new OpenAPI()
        .info(new Info()
            .title("API")
            .version("1.0.0"))
        .addServersItem(new Server().url("http://localhost:8080"))
        .components(new Components()
            // Authorization-code flow against the B2C user flow; Swagger UI runs it in the browser
            .addSecuritySchemes("oauth2", new SecurityScheme()
                .type(OAUTH2)
                .description("Sign in with Azure AD B2C OAuth2")
                .flows(new OAuthFlows()
                    .authorizationCode(new OAuthFlow()
                        .authorizationUrl("https://costcoapp.b2clogin.com/costcoapp.onmicrosoft.com/B2C_1_signupsignin1/oauth2/v2.0/authorize")
                        .tokenUrl("https://costcoapp.b2clogin.com/costcoapp.onmicrosoft.com/B2C_1_signupsignin1/oauth2/v2.0/token")
                        .scopes(new Scopes()
                            .addString("https://costcoapp.onmicrosoft.com/f342g5-5a6b-4341-a4fc-3674gr52779/read", "Read access to demo API")
                        )
                    )
                )
            )
            // Lets a caller paste an access token obtained outside Swagger UI
            .addSecuritySchemes("bearerToken",
                new SecurityScheme()
                    .type(HTTP)
                    .description("Use Access Token obtained from Azure AD B2C OAuth2")
                    .scheme("bearer")
                    .bearerFormat("JWT")
            )
        );
}
Security configuration
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;
import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
// AadB2cOidcLoginConfigurer comes from the spring-cloud-azure B2C starter and
// JwtClaimResolver is the application's own class; their import lines are not shown.

@Configuration
@EnableMethodSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {

    private final AadB2cOidcLoginConfigurer configurer;
    private final JwtClaimResolver jwtClaimResolver;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(config -> config
                // Swagger UI and the OpenAPI document stay reachable without a token
                .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
                .anyRequest().authenticated())
            // The API itself is a resource server: it only validates the JWT sent by the caller
            .oauth2ResourceServer(config -> config
                .jwt()
                .jwtAuthenticationConverter(jwtAuthenticationConverter()))
            .formLogin(AbstractHttpConfigurer::disable)
            .logout(AbstractHttpConfigurer::disable)
            .csrf(AbstractHttpConfigurer::disable)
            .httpBasic(AbstractHttpConfigurer::disable);
        http.sessionManagement($ -> $.sessionCreationPolicy(STATELESS));
        http.apply(configurer);
        return http.build();
    }

    // Maps the group claims of the token to ROLE_* authorities
    private JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwt -> jwtClaimResolver.getUserGroups(jwt)
            .stream()
            .map(this::mapToGrantedAuthority)
            .toList());
        return jwtAuthenticationConverter;
    }

    private GrantedAuthority mapToGrantedAuthority(String userGroup) {
        return new SimpleGrantedAuthority("ROLE_" + userGroup);
    }
}
application.yaml configuration
spring:
  cloud:
    azure:
      active-directory:
        b2c:
          enabled: true
          profile:
            tenant-id: <my-tenant-id>
          credential:
            client-id: <my-client-id>
            client-secret: <my-secret>
          base-uri: https://costcoapp.b2clogin.com/costcoapp.onmicrosoft.com
          user-flows:
            sign-up-or-sign-in: B2C_1_signupsignin1
springdoc:
  api-docs:
    enabled: true
  swagger-ui:
    oauth:
      client-id: <my-client-id>
      client-secret: <my-secret>
      oauth2-redirect-url: http://localhost:8080/swagger-ui/oauth2-redirect.html
That is because the PKCE flow you are using requires a code_challenge.