这是我得到的错误
https://spring.io/?error=invalid_scope&error_description=OAuth%202.0%20Parameter:%20scope&error_uri=https://datatracker.ietf.org/doc/html/rfc6749%23section-4.1.2.1
我从数据库中获得客户端,这是我的oauth2配置:
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain securityAuthFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
return http.formLogin().and().build();
}
@Bean
public AuthorizationServerSettings authorizationServerSettings(){return AuthorizationServerSettings.builder().build();}
@Bean
public JWKSource<SecurityContext> jwkSource(){
RSAKey rsaKey = JwksKeys.generateRSAKey();
JWKSet set = new JWKSet(rsaKey);
return (j, sc) -> j.select(set);
}
@Bean
public OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer() {
return context -> {
if (context.getTokenType() == OAuth2TokenType.ACCESS_TOKEN) {
Authentication principal = context.getPrincipal();
Set<String> authorities = principal.getAuthorities().stream()
.map(GrantedAuthority::getAuthority)
.collect(Collectors.toSet());
for (String s:authorities)
System.out.println(s);
context.getClaims().claim("roles", authorities);
}
};
}
这是我的WebSecurity类:
private final CorsCustomizer corsCustomizer;
private final UserService userService;
private final ClientService clientService;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfigurer configurer = new OAuth2AuthorizationServerConfigurer();
http.apply(configurer);
configurer.registeredClientRepository(clientService);
corsCustomizer.customize(http);
return http.formLogin()
.and()
.authorizeHttpRequests()
.requestMatchers("/users/**").permitAll()
.requestMatchers("/clients/**").permitAll()
.requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/**").permitAll()
.anyRequest().authenticated()
.and()
.csrf().ignoringRequestMatchers("/users/**", "/clients/**")
.and().build();
}
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
var provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userService);
provider.setPasswordEncoder(passwordEncoder());
return new ProviderManager(provider);
}
@Bean
public PasswordEncoder passwordEncoder(){
return NoOpPasswordEncoder.getInstance();
}
这就是我发送请求的方式:
http://localhost:8080/oauth2/authorize?response_type=code&client_id=client&scope=openid&redirect_uri=https://spring.io/auth
这是我的诗:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
<version>1.18.22</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-authorization-server</artifactId>
<version>1.0.0</version>
</dependency>
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-ui</artifactId>
<version>1.6.4</version>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>42.2.25</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.mapstruct</groupId>
<artifactId>mapstruct</artifactId>
<version>1.4.2.Final</version>
</dependency>
</dependencies>
我的客户端:
private final ClientRepository clientRepository;
@Override
public void save(RegisteredClient registeredClient) {
}
@Override
public RegisteredClient findById(String id) {
Client client = clientRepository.findById(id).orElseThrow();
return toRegisteredClient(client);
}
@Override
public RegisteredClient findByClientId(String clientId) {
return findById(clientId);
}
public ClientDto createClient(CreateClientRequest request) {
var client = new Client(request);
var scopes = request.getScopes().stream().map(ClientScope::new).collect(Collectors.toSet());
client.setScopes(scopes);
client.setClientRedirectUrls(request.getRedirectUris().stream()
.map(url -> new ClientRedirectUrl(url, client))
.collect(Collectors.toSet()));
clientRepository.save(client);
return new ClientDto(client);
}
public RegisteredClient toRegisteredClient(Client client) {
RegisteredClient.Builder builder = RegisteredClient.withId(client.getId())
.clientId(client.getId())
.clientSecret(client.getSecret())
.clientAuthenticationMethod(client.getAuthenticationMethod())
.authorizationGrantTypes(
authorizationGrantTypes -> authorizationGrantTypes.addAll(client.getGrantTypes()))
.redirectUris(
redirectUris -> redirectUris.addAll(client.getClientRedirectUrls()
.stream()
.map(ClientRedirectUrl::getUrl)
.collect(Collectors.toSet())))
.scopes(scopes -> scopes.addAll(client.getScopes()
.stream()
.map(ClientScope::getScope)
.collect(Collectors.toSet())));
return builder.build();
}
在我更新到oauth2 1.0.0之后,它开始给我无效的范围错误,它不像以前那样重定向到登录页面。我怎样才能修好它?
我有一个类似的问题-我不知道从0.3到1.0的底层有什么变化,但是这里有一个示例应用程序可用于授权服务器。
基本上,SecurityFilterChain bean的配置是不同的,它还需要一个JwtDecoder bean。