Spring security OAuth2客户端使用client_secret_jwt进行身份验证:如何设置RequestEntityConverter?

问题描述 投票:0回答:1

使用 client_secret_jwt 测试 OAuth2 客户端时,出现错误并提示有关使用 

setRequestEntityConverter
:

java.lang.IllegalArgumentException: This class supports `client_secret_basic`, `client_secret_post`, and `none` by default. Client [****abc****] is using [client_secret_jwt] instead. Please use a supported client authentication method, or use `setRequestEntityConverter` to supply an instance that supports [client_secret_jwt].
    at org.springframework.util.Assert.isTrue(Assert.java:129) ~[spring-core-6.1.1.jar:6.1.1]
    at org.springframework.security.oauth2.client.endpoint.ClientAuthenticationMethodValidatingRequestEntityConverter.convert(ClientAuthenticationMethodValidatingRequestEntityConverter.java:42) ~[spring-security-oauth2-client-6.2.0.jar:6.2.0]

我尝试遵循 Spring Security 指南: 使用 client_secret_jwt 进行身份验证 并创建一个 OAuth2AccessTokenResponseClient bean“setRequestEntityConverter

    @Bean
    public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {

        OAuth2ClientCredentialsGrantRequestEntityConverter requestEntityConverter =
                new OAuth2ClientCredentialsGrantRequestEntityConverter();
        requestEntityConverter.addParametersConverter(
                new NimbusJwtClientAuthenticationParametersConverter<>(jwkResolver));

        DefaultClientCredentialsTokenResponseClient tokenResponseClient =
                new DefaultClientCredentialsTokenResponseClient();
        tokenResponseClient.setRequestEntityConverter(requestEntityConverter);

        return tokenResponseClient;
    }

我还添加了 OAuth2AuthorizedClientManager :

    @Bean
public OAuth2AuthorizedClientManager authorizedClientManager(
        ClientRegistrationRepository clientRegistrationRepository,
        OAuth2AuthorizedClientRepository authorizedClientRepository,
        OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {

    OAuth2AuthorizedClientProvider authorizedClientProvider =
            OAuth2AuthorizedClientProviderBuilder.builder()
                    .clientCredentials(builder ->
                            builder.accessTokenResponseClient(accessTokenResponseClient
                            )
                    )
                    .build();

    DefaultOAuth2AuthorizedClientManager authorizedClientManager =
            new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);
    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

    return authorizedClientManager;
}

我错过了什么? 我需要向 SecurityFilterChain bean 添加更多 bean 或其他内容吗?还是客户注册?

版本: spring-boot-starter-parent 3.2.0 有 弹簧安全 6.2.0

spring-security
1个回答
0
投票

对我来说,我发现如果我在应用程序配置中将 client-authentication-method 设置为 client_secret_basic 或 client_secret_post,我相信它会对您有用。

spring:
  security:
    oauth2:
      client:
        registration:
          spotify-client:
            client-authentication-method: client_secret_post
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.