使用 client_secret_jwt 测试 OAuth2 客户端时,出现错误并提示有关使用
setRequestEntityConverter
:
java.lang.IllegalArgumentException: This class supports `client_secret_basic`, `client_secret_post`, and `none` by default. Client [****abc****] is using [client_secret_jwt] instead. Please use a supported client authentication method, or use `setRequestEntityConverter` to supply an instance that supports [client_secret_jwt].
at org.springframework.util.Assert.isTrue(Assert.java:129) ~[spring-core-6.1.1.jar:6.1.1]
at org.springframework.security.oauth2.client.endpoint.ClientAuthenticationMethodValidatingRequestEntityConverter.convert(ClientAuthenticationMethodValidatingRequestEntityConverter.java:42) ~[spring-security-oauth2-client-6.2.0.jar:6.2.0]
我尝试遵循 Spring Security 指南: 使用 client_secret_jwt 进行身份验证 并创建一个 OAuth2AccessTokenResponseClient bean“setRequestEntityConverter”
@Bean
public OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient() {
OAuth2ClientCredentialsGrantRequestEntityConverter requestEntityConverter =
new OAuth2ClientCredentialsGrantRequestEntityConverter();
requestEntityConverter.addParametersConverter(
new NimbusJwtClientAuthenticationParametersConverter<>(jwkResolver));
DefaultClientCredentialsTokenResponseClient tokenResponseClient =
new DefaultClientCredentialsTokenResponseClient();
tokenResponseClient.setRequestEntityConverter(requestEntityConverter);
return tokenResponseClient;
}
我还添加了 OAuth2AuthorizedClientManager :
@Bean
public OAuth2AuthorizedClientManager authorizedClientManager(
ClientRegistrationRepository clientRegistrationRepository,
OAuth2AuthorizedClientRepository authorizedClientRepository,
OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> accessTokenResponseClient) {
OAuth2AuthorizedClientProvider authorizedClientProvider =
OAuth2AuthorizedClientProviderBuilder.builder()
.clientCredentials(builder ->
builder.accessTokenResponseClient(accessTokenResponseClient
)
)
.build();
DefaultOAuth2AuthorizedClientManager authorizedClientManager =
new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
我错过了什么? 我需要向 SecurityFilterChain bean 添加更多 bean 或其他内容吗?还是客户注册?
版本: spring-boot-starter-parent 3.2.0 有 弹簧安全 6.2.0
对我来说,我发现如果我在应用程序配置中将 client-authentication-method 设置为 client_secret_basic 或 client_secret_post,我相信它会对您有用。
spring:
security:
oauth2:
client:
registration:
spotify-client:
client-authentication-method: client_secret_post