Oauth 2.0 apereo CAS服务器中accessToken url的请求错误
我想将我的spring云网关应用程序与apereo CAS服务器(在8443端口上运行)集成,并将CAS服务器配置为Oauth2授权服务器。这里是流程Oauth 2.0 apereo CAS服务器中accessToken url的请求错误,oauth-2.0,single-sign-on,cas,spring-cloud-gateway,apereo,Oauth 2.0,Single Sign On,Cas,Spring Cloud Gateway,Apereo,我想将我的spring云网关应用程序与apereo CAS服务器(在8443端口上运行)集成,并将CAS服务器配置为Oauth2授权服务器。这里是流程 我请求网关 它与授权服务器(此处为CAS)交互 在交互之前,它需要在那里登录 我使用默认cas覆盖模板凭据成功登录。(casuser:Mellon) cas使用login/oauth2/code/login client?code=OC-3-TURQDNdC4jXulPgK7ipJSzfoBLi-iaSv&state=aitark42e0zx2
- 我请求网关
- 它与授权服务器(此处为CAS)交互
- 在交互之前,它需要在那里登录
- 我使用默认cas覆盖模板凭据成功登录。(casuser:Mellon)
- cas使用login/oauth2/code/login client?code=OC-3-TURQDNdC4jXulPgK7ipJSzfoBLi-iaSv&state=aitark42e0zx2itfkezzorm2rlehxsex6gtifzohlwy%3D url重定向到网关
- 网关上发生[invalid_grant]错误
[ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter : [33597172] Completed 302 FOUND, headers={masked}
[ctor-http-nio-2] o.s.h.s.r.ReactorHttpHandlerAdapter : [33597172] Handling completed
[ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter : [33597172] HTTP GET "/login/oauth2/code/login-client?code=OC-14-F99FROWxhVYzpfxkmQqB1BAfP-oOfIfI&state=Y9XC3NNkPUvb649Tx0dIDG4ZyIInioAD-xT2ll3bfII%3D", headers={masked}
[ctor-http-nio-2] o.s.w.r.f.client.ExchangeFunctions : [dee9e83] HTTP POST http://localhost:8443/cas/oauth2.0/accessToken, headers={masked}
[ctor-http-nio-2] o.s.http.codec.FormHttpMessageWriter : [dee9e83] Writing form fields [grant_type, code, redirect_uri] (content masked)
[ctor-http-nio-2] o.s.w.r.f.client.ExchangeFunctions : [dee9e83] Response 400 BAD_REQUEST, headers={masked}
[ctor-http-nio-2] o.s.http.codec.json.Jackson2JsonDecoder : [dee9e83] Decoded [{error=invalid_grant}]
显然,由于请求错误,它无法请求访问\u令牌。但是,我找不到什么是有效参数。而且,我不会手动请求,而是在幕后自动请求。我的错在哪里?谢谢你的帮助
以下是我的spring云网关配置:
spring:
security:
oauth2:
client:
registration:
login-client:
provider: uaa
client-id: first-client
client-secret: noonewilleverguess
authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
provider:
uaa:
authorization-uri: http://localhost:8443/cas/oauth2.0/authorize
token-uri: http://localhost:8443/cas/oauth2.0/accessToken
user-info-uri: http://localhost:8443/cas/oauth2.0/profile
prefer-token-info: false
client-authentication-scheme: form
cas oauth2注册服务
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "first-client",
"clientSecret": "noonewilleverguess",
"serviceId": "http://localhost:8085/.*",
"name": "OAuthService",
"bypassApprovalPrompt": true,
"id": 1003,
"supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
"supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
}
我使用的资源
好的,问题其实很简单。spring cloud gateway自动填充3个字段(授权类型、代码、重定向uri),但cas apereo服务器的api包含5个字段(授权类型、代码、重定向uri以及客户端id、客户端机密)。为了解决这个问题,您可以定义您的api,它在cas中接受3个参数,其余的逻辑将是相同的。您唯一要做的就是覆盖访问令牌api字段行为