我正在尝试使用资源所有者密码凭证流从自定义的公司oauth 2授权服务器生成访问令牌。
请参见https://tools.ietf.org/html/rfc6749#section-4.3
此服务器仅在收到以下参数时才生成访问令牌:
POST https://custom_corporate_server/auth/oauth/v2/token
Header
idp: 99
Body
grant_type: password
scope: my_scope
client_id: 00******-****-****-****-**********99
client_secret: 00******-****-****-****-**********99
username: my_user
password: my_password
它们的配置需要附加的标头自定义参数:idp-应为数字。
我正在使用Spring Boot 2.3.0和Spring Security 5.3.2。
我按照下面的链接来构建测试示例:https://docs.spring.io/spring-security/site/docs/5.3.2.RELEASE/reference/html5/#using-the-access-token-2
@Bean
public OAuth2AuthorizedClientManager authorizedClientManager(
ClientRegistrationRepository clientRegistrationRepository,
OAuth2AuthorizedClientRepository authorizedClientRepository) {
OAuth2AuthorizedClientProvider authorizedClientProvider =
OAuth2AuthorizedClientProviderBuilder.builder()
.password()
.refreshToken()
.build();
DefaultOAuth2AuthorizedClientManager authorizedClientManager =
new DefaultOAuth2AuthorizedClientManager(
clientRegistrationRepository, authorizedClientRepository);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
// Assuming the `username` and `password` are supplied as `HttpServletRequest` parameters,
// map the `HttpServletRequest` parameters to `OAuth2AuthorizationContext.getAttributes()`
authorizedClientManager.setContextAttributesMapper(contextAttributesMapper());
return authorizedClientManager;
}
private Function<OAuth2AuthorizeRequest, Map<String, Object>> contextAttributesMapper() {
return authorizeRequest -> {
Map<String, Object> contextAttributes = Collections.emptyMap();
HttpServletRequest servletRequest = authorizeRequest.getAttribute(HttpServletRequest.class.getName());
String username = servletRequest.getParameter(OAuth2ParameterNames.USERNAME);
String password = servletRequest.getParameter(OAuth2ParameterNames.PASSWORD);
if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
contextAttributes = new HashMap<>();
// `PasswordOAuth2AuthorizedClientProvider` requires both attributes
contextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username);
contextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);
}
return contextAttributes;
};
}
我无法将标头中的此参数传递给授权服务器。今天,这是我的主要难题。
this文章,它解释了对授权和令牌请求的各种自定义。在您的情况下,有关token request extra parameters的部分似乎准确地描述了您的需求。
您可以执行以下操作:
public class CustomRequestEntityConverter implements Converter<OAuth2PasswordGrantRequest, RequestEntity<?>> {
private OAuth2PasswordGrantRequestEntityConverter defaultConverter;
public CustomRequestEntityConverter() {
defaultConverter = new OAuth2PasswordGrantRequestEntityConverter();
}
@Override
public RequestEntity<?> convert(OAuth2PasswordGrantRequest req) {
RequestEntity<?> entity = defaultConverter.convert(req);
MultiValueMap<String, String> params = entity.getHeaders();
params.add("idp", "99");
return new RequestEntity<>(params, entity.getHeaders(), entity.getMethod(), entity.getUrl());
}
}