use of org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository in project best-cloud by shanzhaozhen.
the class AuthorizationServerConfig method registeredClientRepository.
/**
* 配置客户端
* @return
*/
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
// 使用内存作为客户端的信息库
// RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
// // 客户端id 需要唯一
// .clientId("auth")
// // 客户端密码
// .clientSecret("123456")
// // 可以基于 basic 的方式和授权服务器进行认证
// .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
// // 授权码
// .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
// // 刷新token
// .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
// // 客户端模式
// .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
// // 密码模式
// .authorizationGrantType(AuthorizationGrantType.PASSWORD)
// // 重定向url
// // 回调地址名单,不在此列将被拒绝 而且只能使用IP或者域名 不能使用 localhost
// .redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
// .redirectUri("http://127.0.0.1:8080/authorized")
// .redirectUri("http://www.baidu.com")
// // 客户端申请的作用域,也可以理解这个客户端申请访问用户的哪些信息,比如:获取用户信息,获取用户照片等
// // OIDC支持
// .scope(OidcScopes.OPENID)
// // 其它Scope
// .scope("all")
// .scope("message.read")
// .scope("message.write")
// .clientSettings(ClientSettings
// .builder()
// // 是否需要用户确认一下客户端需要获取用户的哪些权限
// // 比如:客户端需要获取用户的 用户信息、用户照片 但是此处用户可以控制只给客户端授权获取 用户信息。
// // 配置客户端相关的配置项,包括验证密钥或者 是否需要授权页面
// .requireAuthorizationConsent(true).build())
// .tokenSettings(TokenSettings.builder()
// // accessToken 的有效期
// .accessTokenTimeToLive(Duration.ofHours(1))
// // refreshToken 的有效期
// .refreshTokenTimeToLive(Duration.ofDays(3))
// // 是否可重用刷新令牌
// .reuseRefreshTokens(true)
// .build()
// )
// .build();
// return new InMemoryRegisteredClientRepository(registeredClient);
// return new JdbcRegisteredClientRepository(jdbcTemplate);
// 使用数据库作为客户端的信息库
// JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
// jdbcRegisteredClientRepository.save(registeredClient);
// return jdbcRegisteredClientRepository;
JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
// 解决json 反序列化 白名单问题
JdbcRegisteredClientRepository.RegisteredClientRowMapper registeredClientRowMapper = new JdbcRegisteredClientRepository.RegisteredClientRowMapper();
registeredClientRowMapper.setObjectMapper(SecurityJacksonConfig.objectMapper);
jdbcRegisteredClientRepository.setRegisteredClientRowMapper(registeredClientRowMapper);
return jdbcRegisteredClientRepository;
}
use of org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository in project muses by acgist.
the class AuthorizationServerConfig method registeredClientRepository.
/**
* 注意ID不能随机生成否者重启之后Redis不能正确加载
*
* 如果需要指定重定向地址不能使用localhost等等本地回环地址
* 正确跳转:http://localhost:9999/oauth2/authorize?response_type=code&client_id=web&client_secret=acgist&scope=all&state=state
* 不能跳转:http://localhost:9999/oauth2/authorize?response_type=code&client_id=web&client_secret=acgist&scope=all&state=state&redirect_uri=http://localhost:9999/code
*/
@Bean
@ConditionalOnMissingBean
public RegisteredClientRepository registeredClientRepository(PasswordEncoder passwordEncoder) {
// TODO:密码模式
final TokenSettings tokenSettings = this.tokenSettings();
final List<RegisteredClient> clients = new ArrayList<>();
this.oAuth2Config.getClients().forEach((name, secret) -> {
LOGGER.info("注册授权客户端:{}", name);
final RegisteredClient client = RegisteredClient.withId(name).clientId(name).clientSecret(passwordEncoder.encode(secret)).clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).redirectUri(this.oAuth2Config.getRedirectUri()).tokenSettings(tokenSettings).scope("all").build();
clients.add(client);
});
return new InMemoryRegisteredClientRepository(clients);
}
use of org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository in project ara by Decathlon.
the class AuthorizationServerConfig method registeredClientRepository.
@Bean
public RegisteredClientRepository registeredClientRepository() {
RegisteredClient registeredClientAC = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("ara-client").clientSecret("{noop}ara-client").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).redirectUri(String.format("%s/oauth/logincomplete/ara-client-oidc", clientUrl)).scope(OidcScopes.OPENID).scope(OidcScopes.PROFILE).scope("ara.read").build();
RegisteredClient registeredClientCC = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("other-client").clientSecret("{noop}other-client").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope(OidcScopes.OPENID).scope("ara.read").build();
return new InMemoryRegisteredClientRepository(registeredClientAC, registeredClientCC);
}
use of org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository in project tutorials by csh0034.
the class AuthorizationServerConfig method registeredClientRepository.
@Bean
public RegisteredClientRepository registeredClientRepository() {
RegisteredClient loginClient = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("login-client").clientSecret("{noop}openid-connect").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).redirectUri("http://127.0.0.1:8080/login/oauth2/code/login-client").redirectUri("http://127.0.0.1:8080/authorized").scope(OidcScopes.OPENID).scope(OidcScopes.PROFILE).clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build()).build();
RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("messaging-client").clientSecret("{noop}secret").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenSettings(TokenSettings.builder().accessTokenTimeToLive(Duration.ofHours(1)).build()).scope("message:read").scope("message:write").build();
return new InMemoryRegisteredClientRepository(loginClient, registeredClient);
}
use of org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository in project spring-security-samples by spring-projects.
the class OAuth2AuthorizationServerSecurityConfiguration method registeredClientRepository.
@Bean
public RegisteredClientRepository registeredClientRepository() {
// @formatter:off
RegisteredClient loginClient = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("login-client").clientSecret("{noop}openid-connect").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).redirectUri("http://127.0.0.1:8080/login/oauth2/code/login-client").redirectUri("http://127.0.0.1:8080/authorized").scope(OidcScopes.OPENID).scope(OidcScopes.PROFILE).clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build()).build();
RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString()).clientId("messaging-client").clientSecret("{noop}secret").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).scope("message:read").scope("message:write").build();
return new InMemoryRegisteredClientRepository(loginClient, registeredClient);
}
Aggregations