我正在尝试使用 Spring Java 应用程序中的 OAuth2 向 Jobber 进行身份验证。 我根据他们的文档在 application.yml 中有这些设置https://developer.getjobber.com/docs/building_your_app/app_authorization
security:
oauth2:
client:
provider:
oidc:
authorization-uri: https://api.getjobber.com/api/oauth/authorize
token-uri: https://api.getjobber.com/api/oauth/token
registration:
oidc:
client-id: xxx
client-secret: xxx
authorization-grant-type: authorization_code
scope: clients, invoices, users, offline_access # last one for refresh tokens
redirect-uri: http://localhost:9000/login/oauth2/code/oidc
我正在修改与“issuer-uri”一起使用的代码,该代码在 .well-known/openid-configuration 响应中提供这些参数,但我的尝试是基于 spring 文档:https://docs.spring。 io/spring-security/reference/servlet/oauth2/login/core.html,编辑安全链:
.and()
.oauth2Login() //modify the oauth2 parameters to handle the jobber config
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(authenticationConverter())
.and()
.and()
.oauth2Client();
与
.and()
.oauth2Login( oauth2LoginCustomizer()) //modify the oauth2 parameters to handle the jobber config
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(authenticationConverter())
.and()
.and()
.oauth2Client();
...
Customizer<OAuth2LoginConfigurer<HttpSecurity>> oauth2LoginCustomizer(){
return (oauth2Login) -> oauth2Login
.userInfoEndpoint(userInfo -> userInfo
.userAuthoritiesMapper(userAuthoritiesMapper())
);
}
并删除使用颁发者-uri 的方法:
@Bean
JwtDecoder jwtDecoder(ClientRegistrationRepository clientRegistrationRepository, RestTemplateBuilder restTemplateBuilder) {
NimbusJwtDecoder jwtDecoder = JwtDecoders.fromOidcIssuerLocation(issuerUri);
OAuth2TokenValidator<Jwt> audienceValidator = new AudienceValidator(jHipsterProperties.getSecurity().getOauth2().getAudience());
OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(issuerUri);
OAuth2TokenValidator<Jwt> withAudience = new DelegatingOAuth2TokenValidator<>(withIssuer, audienceValidator);
jwtDecoder.setJwtValidator(withAudience);
jwtDecoder.setClaimSetConverter(
new CustomClaimConverter(clientRegistrationRepository.findByRegistrationId("oidc"), restTemplateBuilder.build())
);
return jwtDecoder;
}
例外:
Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'filterChain' threw exception; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'org.springframework.security.oauth2.jwt.JwtDecoder' available
如何修改配置以仅使用 Jobber 提供的参数?
如何在没有 Issuer-uri 的情况下创建 OAuth2 Spring 配置?
答案:
但是,我没有找到
getjobbergetjobber您可以选择本地解决方案(Keycloak 是一个著名的解决方案)、云产品(如 Auth0、Amazon Cognito 等),或者选择使用 spring-authorization-server“自己动手”。
使用授权服务器配置资源服务器后有两个选项:
authorization-grant-type: client_credentialsauthorization_codespring-cloud-gatewayOAuth2AuthorizedClientRepository