我的问题有点不寻常,我正在努力创建一个自定义的
@RestController
,每次为我的应用程序启动不同范围的 OAuth2 登录过程?
更具体地说,我有一个这样的示例配置:
spring:
security:
oauth2:
client:
registration:
my-client:
clientId: client1
clientSecret: some-password
// Basic the property `scope` is not provided here, but in the controller
provider:
my-client:
authorizationUri: https://somehost.com/oauth
userInfoUri: https://somehost.com/data
tokenUri: https://somehost.com/oauth/token
redirectUri: https://somehost.com/oauth
authorizationGrantType: authorization_code
clientAuthenticationMethod: client_secret_post
我想要创建的是一个 API 端点,它充当代理端点,根据提供的
scope
将用户移动到登录页面。
@GetMapping(path="/redirect-to-login")
public ResponseEntity<?> proxyLogin(@RequestParam("scope") final String scope) {
log.info("Received scope: {}", scope);
// TODO: What needs to happen here, is that I need to generate a new login here
// TODO: for the requested OAuth2 Client scope and redirect the user to the login page of
// TODO: the provider with the scope.
}
我尝试接收
OAuth2ClientRegistrationRepository
的所有客户注册,并尝试扩展它以提供那里的范围,但我无法弄清楚。
您可以为您需要的每个“登录配置文件”定义注册:
spring:
security:
oauth2:
client:
provider:
my-provider:
authorizationUri: https://somehost.com/oauth
userInfoUri: https://somehost.com/data
tokenUri: https://somehost.com/oauth/token
redirectUri: https://somehost.com/oauth
authorizationGrantType: authorization_code
clientAuthenticationMethod: client_secret_post
registration:
reagistration-a:
provider: my-provider
clientId: client1
clientSecret: some-password
scope:
- openid
- profile
- email
- offline_access
- roles
reagistration-b:
provider: my-provider
clientId: client1
clientSecret: some-password
scope:
- openid
- offline_access
- whatever-scope
然后前端在正确的 URI 处启动授权代码流:
/oauth2/authorization/{registration-id}
(设置路径值而不是您调用范围的请求参数的值)