Spring Boot OAuth doesn't return a refresh token for clients
I developed an API in Spring Boot, and I just noticed that when you request an access token, it does not return a refresh token.

The response from the API looks like this:
{
    "access_token": "ed0bdc62-dccf-4f58-933c-e28ad9598843",
    "token_type": "bearer",
    "expires_in": 2589494,
    "scope": "read write"
}
My configuration looks like this:
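import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

@Configuration
public class OAuth2ServerConfiguration {

    private static final String RESOURCE_ID = "myapi";

    @Autowired
    DataSource dataSource;

    // Tokens are persisted in the database rather than kept in memory.
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        @Autowired
        TokenStore tokenStore;

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            resources
                .resourceId(RESOURCE_ID)
                .tokenStore(tokenStore);
        }

        // /oauth/** and /view/** are open; every other request needs a valid token.
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/oauth/**", "/view/**").permitAll()
                .anyRequest().authenticated();
        }
    }

    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private JwtAccessTokenConverter jwtAccessTokenConverter;

        @Autowired
        private DataSource dataSource;

        @Autowired
        private TokenStore tokenStore;

        // CustomUserDetailsService is the application's own class (not shown in the question).
        @Autowired
        private CustomUserDetailsService userDetailsService;

        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints
                .tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
        }

        // Client registrations, including their grant types, are read from the database.
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
                .jdbc(dataSource);
        }
    }
}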
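My previous project was set up to use JWT access tokens and did return a refresh token, but I had to remove JWT because it was not compatible with using the token store.

To confirm, it returns a refresh token when grant_type=password, but not when it is set to "client_credentials".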
Does anyone have any suggestions as to why my configuration does not return a refresh token?

in (The OAuth 2.0 Authorization Framework) says "A refresh token SHOULD NOT be included." Therefore, most implementations of OAuth 2.0 authorization servers do not generate a refresh token in .
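I had the same problem. Then I changed this method and added the refresh token, and after that I got the refresh token value in the response.

static final String REFRESH_TOKEN = "refresh_token";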
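
As an added example (not code from the question or from either answer), the configuration below registers two clients to show where the refresh_token grant type is declared in Spring Security OAuth. It uses the in-memory client store instead of the question's clients.jdbc(dataSource); the client ids, property names, token lifetimes and the PasswordEncoder bean are assumptions.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

// Added example: client ids, property names and lifetimes are hypothetical.
@Configuration
@EnableAuthorizationServer
public class ExampleClientRegistration extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private PasswordEncoder passwordEncoder; // assumed bean, e.g. BCrypt
    @Autowired
    @Qualifier("authenticationManagerBean")  // bean name from the question; enables the password grant
    private AuthenticationManager authenticationManager;
    @Value("${example.app-secret}")          // hypothetical property
    private String appSecret;
    @Value("${example.job-secret}")          // hypothetical property
    private String jobSecret;
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager);
    }
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            // User-facing client: the token response carries a refresh token
            // because "refresh_token" is among its authorized grant types.
            .withClient("example-app")
                .secret(passwordEncoder.encode(appSecret))
                .authorizedGrantTypes("password", "refresh_token")
                .scopes("read", "write")
                .accessTokenValiditySeconds(15 * 60)
                .refreshTokenValiditySeconds(24 * 60 * 60)
            .and()
            // Service client: client_credentials responses carry no refresh
            // token; on expiry it asks for a new access token with its secret.
            .withClient("example-job")
                .secret(passwordEncoder.encode(jobSecret))
                .authorizedGrantTypes("client_credentials")
                .scopes("read")
                .accessTokenValiditySeconds(15 * 60);
    }
}
```

With a JDBC client store, the same grant types are held in the authorized_grant_types column of the oauth_client_details table.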