我正在尝试使用 spring-boot-starter-oauth2-client 来获取不记名令牌,其中服务接受 grant_type=client_credentials 而不是授权授权类型。
curl -s -X POST -H "Content-Type: application/x-www-form-urlencoded" -u theusername:thepassword "https://thirdpartyservice.com/token?scope=resolve+download&grant_type=client_credentials" | jq -r '.access_token'
这样就可以了,我们可以获得令牌。
按照 Spring Security 的文档,我正在配置:
spring:
application:
name: client-application
security:
oauth2:
client:
registration:
my-client:
provider: the-provider
client-id: theusername
client-secret: thepassword
authorization-grant-type: client_credentials
#grant_type: client_credentials
scope: resolve+download
provider:
the-provider:
token-uri: https://thirdpartyservice.com/token
logging:
level:
root: DEBUG
@Configuration
public class RestClientConfig {
@Bean
public RestClient restClient(OAuth2AuthorizedClientManager authorizedClientManager) {
OAuth2ClientHttpRequestInterceptor interceptor = new OAuth2ClientHttpRequestInterceptor(authorizedClientManager);
return RestClient.builder()
.requestInterceptor(interceptor)
.build();
}
}
return restClient.get()
.uri("https://resource...")
.attributes(clientRegistrationId("my-client"))
.retrieve()
.body(String.class);
问题:不幸的是,这不起作用,令牌提供者返回 400 错误,因为它需要 grant_type (授予下划线类型)。
但是 Spring Security 似乎只提供“授权授予类型”
问题:如何使用 RestClient 和 spring-boot-starter-oauth2-client 传递 grant_type ?
在 YAML 中,
scopespring:
security:
oauth2:
client:
registration:
my-client:
provider: the-provider
client-id: theusername
client-secret: thepassword
authorization-grant-type: client_credentials
scope:
- resolve
- download
这些值将转换为以空格分隔的字符串,并将空格编码为
+提醒一下,在 application.yml 中,列表要么如上所示用虚线表示,要么用逗号分隔。