Spring Boot Azure B2C Swagger 身份验证

我在通过使用 azure b2c 的 swagger ui 进行身份验证时遇到问题。 该错误似乎表明缺少某些 code_challenge，尽管这不是我能够找到/手动添加到我的配置中的内容。既不在 azure config 中也不在 swagger 中。

这是我的配置：

Swagger 配置

@Bean
    public OpenAPI openApi() {
        return new OpenAPI()
            .info(new Info()
                .title("API")
                .version("1.0.0"))
            .addServersItem(new Server().url("http://localhost:8080"))
            .components(new Components()
                .addSecuritySchemes("oauth2", new SecurityScheme()
                        .type(OAUTH2)
                        .description("Sign in with Azure AD B2C OAuth2")
                        .flows(new OAuthFlows()
                            .authorizationCode(new OAuthFlow()
                                .authorizationUrl("https://costcoapp.b2clogin.com/costcoapp.onmicrosoft.com/B2C_1_signupsignin1/oauth2/v2.0/authorize")
                                .tokenUrl("https://costcoapp.b2clogin.com/costcoapp.onmicrosoft.com/B2C_1_signupsignin1/oauth2/v2.0/token")
                                .scopes(new Scopes()
                                    .addString("https://costcoapp.onmicrosoft.com/f342g5-5a6b-4341-a4fc-3674gr52779/read", "Read access to demo API")
                                    
                                )
                            )
                        )
                )
                .addSecuritySchemes("bearerToken",
                    new SecurityScheme()
                        .type(HTTP)
                        .description("Use Access Token obtained from Azure AD B2C OAuth2")
                        .scheme("bearer")
                        .bearerFormat("JWT")
                )
            );
    }

安全配置

    @Configuration
@EnableMethodSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {

    private final AadB2cOidcLoginConfigurer configurer;

    private final JwtClaimResolver jwtClaimResolver;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(config -> config
                .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
                .anyRequest().authenticated())
            .oauth2ResourceServer(config -> config
                .jwt()
                .jwtAuthenticationConverter(jwtAuthenticationConverter()))
            .formLogin(AbstractHttpConfigurer::disable)
            .logout(AbstractHttpConfigurer::disable)
            .csrf(AbstractHttpConfigurer::disable)
            .httpBasic(AbstractHttpConfigurer::disable);
        http.sessionManagement($ -> $.sessionCreationPolicy(STATELESS));
        http.apply(configurer);
        return http.build();
    }

    private JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwt -> jwtClaimResolver.getUserGroups(jwt)
            .stream()
            .map(this::mapToGrantedAuthority)
            .toList());
        return jwtAuthenticationConverter;
    }

    private GrantedAuthority mapToGrantedAuthority(String userGroup) {
        return new SimpleGrantedAuthority("ROLE_" + userGroup);
    }

}

application.yaml 配置

   spring:
  cloud:
    azure:
      active-directory:
        b2c:
          enabled: true
          profile:
            tenant-id: <my-tenant-id>
          credential:
            client-id: <my-client-id>
            client-secret: <my-secret>
          base-uri: https://costcoapp.b2clogin.com/costcoapp.onmicrosoft.com
          user-flows:
            sign-up-or-sign-in: B2C_1_signupsignin1

springdoc:
  api-docs:
    enabled: true
  swagger-ui:
    oauth:
      client-id: <my-client-id>
      client-secret: <my-secret>
    oauth2-redirect-url: http://localhost:8080/swagger-ui/oauth2-redirect.html