Spring security Spring OAuth2 SSO是否支持Azure Active Directory签名密钥滚动以进行令牌验证？_Spring Security_Single Sign On_Azure Active Directory

Spring security Spring OAuth2 SSO是否支持Azure Active Directory签名密钥滚动以进行令牌验证？

spring-security single-sign-on azure-active-directory

Spring security Spring OAuth2 SSO是否支持Azure Active Directory签名密钥滚动以进行令牌验证？,spring-security,single-sign-on,azure-active-directory,Spring Security,Single Sign On,Azure Active Directory,我正在使用SpringOAuth2SSO开发一个SSO应用程序。我使用Azure AD作为OAuth2提供程序，它拥有并公开带有JWKS URI（OpenID配置）的公钥，如下所示。在Spring OAuth2 SSO中有什么方法可以进行令牌验证吗 { "keys": [ { "kty": "RSA", "use": "sig", "kid": "9FXDpbfMFT2SvQuXh846YTwEIBw", "x5t": "9FXDpbfMFT2SvQuXh846YTwEIBw

我正在使用SpringOAuth2SSO开发一个SSO应用程序。我使用Azure AD作为OAuth2提供程序，它拥有并公开带有JWKS URI（OpenID配置）的公钥，如下所示。在Spring OAuth2 SSO中有什么方法可以进行令牌验证吗

{
  "keys": [
{
  "kty": "RSA",
  "use": "sig",
  "kid": "9FXDpbfMFT2SvQuXh846YTwEIBw",
  "x5t": "9FXDpbfMFT2SvQuXh846YTwEIBw",
  "n": "kvt1VmR4nwkNM8jMU0wmj2gSS8NznbOt2pZI6Z7HQT_esF7W19GZR7Y72Xo1i5zXRDM9o3GeTIjBrnr3yy41Q_EaUQ7C-b-Hmg94Vy7EBZyBhi_mznz0dYWs2MIXwR86Nni9TmgTXvjgTPF2YGJoZt4TwcMFefW8rijCVyNrCBA0XspDouNJavvG0BEMXYigoThFjLRXS5U3h4BDfNZFZZS3dyliNOXfgRn2k7oITz8h_ueiPvmDRFh38AeQgx1cELhKWc3P5ugtttraSwgH7nP2NUguO9nCrHuL6TZ-KWpmRWZqwH-jYKFQVt3CDpzwNM6XJL-oHbl1x-gI3YYX5w",
  "e": "AQAB",
  "x5c": [
    "MIIDBTCCAe2gAwIBAgIQZSAeaqWig4BHC1ksmNNcgjANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDUwNjAwMDAwMFoXDTE5MDUwNzAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJL7dVZkeJ8JDTPIzFNMJo9oEkvDc52zrdqWSOmex0E/3rBe1tfRmUe2O9l6NYuc10QzPaNxnkyIwa5698suNUPxGlEOwvm/h5oPeFcuxAWcgYYv5s589HWFrNjCF8EfOjZ4vU5oE1744EzxdmBiaGbeE8HDBXn1vK4owlcjawgQNF7KQ6LjSWr7xtARDF2IoKE4RYy0V0uVN4eAQ3zWRWWUt3cpYjTl34EZ9pO6CE8/If7noj75g0RYd/AHkIMdXBC4SlnNz+boLbba2ksIB+5z9jVILjvZwqx7i+k2filqZkVmasB/o2ChUFbdwg6c8DTOlyS/qB25dcfoCN2GF+cCAwEAAaMhMB8wHQYDVR0OBBYEFGKpXQNrF5IoxS6bL4F92+gxOJlIMA0GCSqGSIb3DQEBCwUAA4IBAQA3HgW5SoHlvvQVxqqi+mtscDZLhNfe13iG/nx8Er5il82b79RVydNs+f9sYxc4T4ctnrZu7x5e7jInJedNdAlrPorBdw+SfvKJsmiNndXugMew1FlcQTQVIFDCbziaJav8rKyMxPfeKkc1aixbajWZkKg6OPmmJn2ceTocbn8PMQy20xNvcWUwgF5FZZIuPqu6feOLJcUIYw+0JFZ265xka30QXpmytcIxajIzpD4PRdCIBuVSqgXacAs4t4+w+OhnosD72yvXck8M4GwX1j+vcuyw0yhDGNMmqsHWP7H3jnJiGDrKhhdVyplzDhTfv2Whbv/dIDn+meLE3yyC5yGL"
  ]
},
{
  "kty": "RSA",
  "use": "sig",
  "kid": "VWVIc1WD1Tksbb301sasM5kOq5Q",
  "x5t": "VWVIc1WD1Tksbb301sasM5kOq5Q",
  "n": "wxZQBChCrsCnhy-U6jWszJNnpSwYM3nmF7iwBkp0Qa57Wz7XQLnhUucZe_YkEJg6hJg16XAbZ_3oZnwLqQVlArfu5ldP9IdgOgPJYFGZXamE0v3BFtf1K2leiHqfmt06zJ2NhHCQ5p2yRzrrMV23kjK5bz8a_gQsdkIkBW7qE9TbJFU5D3zPk-sbJi7SIOLx5XRI6eFwu4z1IGooBbNiRopDEdcQizJqH_7PQJuBBk-a-ntI05mZaEZ2nbo8DDu046TEkqA2IRJ1FIvvdxrAi5NQ6E6YcYulNWxUaxBD2e42f9jmhBTBYknN23p3QEmRWvhgFRyDoK-M5XFw1H0mbw",
  "e": "AQAB",
  "x5c": [
    "MIIDBTCCAe2gAwIBAgIQd8BVt03W25FAp3gfq8UytzANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE3MDYxNjAwMDAwMFoXDTE5MDYxNzAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMWUAQoQq7Ap4cvlOo1rMyTZ6UsGDN55he4sAZKdEGue1s+10C54VLnGXv2JBCYOoSYNelwG2f96GZ8C6kFZQK37uZXT/SHYDoDyWBRmV2phNL9wRbX9StpXoh6n5rdOsydjYRwkOadskc66zFdt5IyuW8/Gv4ELHZCJAVu6hPU2yRVOQ98z5PrGyYu0iDi8eV0SOnhcLuM9SBqKAWzYkaKQxHXEIsyah/+z0CbgQZPmvp7SNOZmWhGdp26PAw7tOOkxJKgNiESdRSL73cawIuTUOhOmHGLpTVsVGsQQ9nuNn/Y5oQUwWJJzdt6d0BJkVr4YBUcg6CvjOVxcNR9Jm8CAwEAAaMhMB8wHQYDVR0OBBYEFKpiEhEA5eJvMS/oZ19jXTqKOHDLMA0GCSqGSIb3DQEBCwUAA4IBAQA7gStJbp9Drkh+K+jG0cMbxKKqOIWRofqZjvsD4B+cuwqZO5O2mEPQmuW021BpkOQ/aQvmd+J97G2LkIU0EvR4F9pu9fep5ZveXDiOXb7hOKzHprRfi0GO64JvP3Rt7pjSUVix21/rn4p4ESGcx7TdFhRIwix6gXWMxlRQyBaZ3wJyr0YnQl1h4vvgi8o5aB/3tNSbuZDFh4GNjqLgyvHgfiJczqR/odJF6aY+hM9QGu6grVUiWWcujE58Z0DdH1VaCVL/UsHj3n2zrgm4ePT+6cl0QRsEGxvMn3/UZ1CP3FllKGNf1PRyM+XC1N62Bt332Xi1swjLfZLbMxDcdBEf"
  ]
},
{
  "kty": "RSA",
  "use": "sig",
  "kid": "2S4SCVGs8Sg9LS6AqLIq6DpW-g8",
  "x5t": "2S4SCVGs8Sg9LS6AqLIq6DpW-g8",
  "n": "oZ-QQrNuB4ei9ATYrT61ebPtvwwYWnsrTpp4ISSp6niZYb92XM0oUTNgqd_C1vGN8J-y9wCbaJWkpBf46CjdZehrqczPhzhHau8WcRXocSB1u_tuZhv1ooAZ4bAcy79UkeLiG60HkuTNJJC8CfaTp1R97szBhuk0Vz5yt4r5SpfewIlBCnZUYwkDS172H9WapQu-3P2Qjh0l-JLyCkdrhvizZUk0atq5_AIDKRU-A0pRGc-EZhUL0LqUMz6c6M2s_4GnQaScv44A5iZUDD15B6e8Apb2yARohkWmOnmRcTVfes8EkfxjzZEzm3cNkvP0ogILyISHKlkzy2OmlU6iXw",
  "e": "AQAB",
  "x5c": [
    "MIIDKDCCAhCgAwIBAgIQBHJvVNxP1oZO4HYKh+rypDANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwHhcNMTYxMTE2MDgwMDAwWhcNMTgxMTE2MDgwMDAwWjAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChn5BCs24Hh6L0BNitPrV5s+2/DBhaeytOmnghJKnqeJlhv3ZczShRM2Cp38LW8Y3wn7L3AJtolaSkF/joKN1l6GupzM+HOEdq7xZxFehxIHW7+25mG/WigBnhsBzLv1SR4uIbrQeS5M0kkLwJ9pOnVH3uzMGG6TRXPnK3ivlKl97AiUEKdlRjCQNLXvYf1ZqlC77c/ZCOHSX4kvIKR2uG+LNlSTRq2rn8AgMpFT4DSlEZz4RmFQvQupQzPpzozaz/gadBpJy/jgDmJlQMPXkHp7wClvbIBGiGRaY6eZFxNV96zwSR/GPNkTObdw2S8/SiAgvIhIcqWTPLY6aVTqJfAgMBAAGjWDBWMFQGA1UdAQRNMEuAEDUj0BrjP0RTbmoRPTRMY3WhJTAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXOCEARyb1TcT9aGTuB2Cofq8qQwDQYJKoZIhvcNAQELBQADggEBAGnLhDHVz2gLDiu9L34V3ro/6xZDiSWhGyHcGqky7UlzQH3pT5so8iF5P0WzYqVtogPsyC2LPJYSTt2vmQugD4xlu/wbvMFLcV0hmNoTKCF1QTVtEQiAiy0Aq+eoF7Al5fV1S3Sune0uQHimuUFHCmUuF190MLcHcdWnPAmzIc8fv7quRUUsExXmxSX2ktUYQXzqFyIOSnDCuWFm6tpfK5JXS8fW5bpqTlrysXXz/OW/8NFGq/alfjrya4ojrOYLpunGriEtNPwK7hxj1AlCYEWaRHRXaUIW1ByoSff/6Y6+ZhXPUe0cDlNRt/qIz5aflwO7+W8baTS4O8m/icu7ItE="
  ]
}
]
}

根据描述，您正在使用Azure AD和Spring Security OAuth实现OAuth 2.0提供程序

根据我的理解，OAuth2.0中的提供者角色实际上是在授权服务和资源服务之间划分的。如果您仅在应用程序中获取令牌并将令牌发送到受Azure AD保护的资源，则无需验证令牌。例如，您的web应用程序实现OAuth 2.0提供程序，使用户能够从Azure AD获取Microsoft Graph的访问令牌，然后您的web应用程序可以使用此访问令牌调用Microsoft Graph。Microsoft Graph将验证访问令牌

如果您还实现了资源服务并通过Spring Security OAuth使用Azure AD对其进行保护，则需要实现

ResourceServerTokenServices

来验证令牌并处理密钥滚动

您可以参考以手动验证访问令牌。关于Spring Oauth2开发的更多详细信息，您可以参考以下链接：