use of org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository in project best-cloud by shanzhaozhen.
the class AuthorizationServerConfig method registeredClientRepository.
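/**
 * Configures the registered OAuth2 clients.
 *
 * @param jdbcTemplate JDBC template handed to the {@code JdbcRegisteredClientRepository}
 * @return the JDBC-backed registered client repository
 */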
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
    // Reference only (disabled): an in-memory client registration kept from an earlier revision.
    // NOTE(review): the values in it are demo material: a literal secret with no encoder applied,
    // the password grant (omitted from the OAuth 2.1 draft), a non-loopback plain-http redirect
    // URI and refresh tokens that are reused rather than rotated. Review each one before
    // re-enabling any of this outside a local sandbox.
    //
    // Use memory as the client store:
    // RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
    //     // client id, must be unique
    //     .clientId("auth")
    //     // client secret
    //     .clientSecret("123456")
    //     // the client may authenticate to the authorization server with HTTP Basic
    //     .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
    //     // authorization code
    //     .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
    //     // refresh token
    //     .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
    //     // client credentials
    //     .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
    //     // password grant
    //     .authorizationGrantType(AuthorizationGrantType.PASSWORD)
    //     // redirect URLs
    //     // allow-list of callback addresses; anything not listed is rejected, and only an IP
    //     // or a domain name may be used, not localhost
    //     .redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
    //     .redirectUri("http://127.0.0.1:8080/authorized")
    //     .redirectUri("http://www.baidu.com")
    //     // scopes the client requests, i.e. which user information the client asks to access,
    //     // for example the user's profile or the user's photos
    //     // OIDC support
    //     .scope(OidcScopes.OPENID)
    //     // other scopes
    //     .scope("all")
    //     .scope("message.read")
    //     .scope("message.write")
    //     .clientSettings(ClientSettings
    //         .builder()
    //         // whether the user has to confirm which permissions the client obtains;
    //         // e.g. the client asks for user info and photos, but the user can choose to
    //         // grant only user info
    //         // client-related settings, including the verification key or whether a
    //         // consent page is required
    //         .requireAuthorizationConsent(true).build())
    //     .tokenSettings(TokenSettings.builder()
    //         // lifetime of the access token
    //         .accessTokenTimeToLive(Duration.ofHours(1))
    //         // lifetime of the refresh token
    //         .refreshTokenTimeToLive(Duration.ofDays(3))
    //         // whether refresh tokens may be reused
    //         .reuseRefreshTokens(true)
    //         .build()
    //     )
    //     .build();
    // return new InMemoryRegisteredClientRepository(registeredClient);
    // return new JdbcRegisteredClientRepository(jdbcTemplate);
    //
    // Use the database as the client store:
    // JdbcRegisteredClientRepository jdbcRegisteredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
    // jdbcRegisteredClientRepository.save(registeredClient);
    // return jdbcRegisteredClientRepository;

    // Active configuration: clients are only read from / written to the database; nothing is
    // seeded from code here.
    JdbcRegisteredClientRepository repository = new JdbcRegisteredClientRepository(jdbcTemplate);

    // The author's note says this works around the JSON deserialization allow-list: the row
    // mapper is given the project's own ObjectMapper instead of the one it creates itself.
    // NOTE(review): SecurityJacksonConfig.objectMapper is not shown here. Confirm it still
    // restricts which types may be instantiated when stored client rows are parsed (for example
    // by registering only the specific mixins it needs) rather than switching the allow-list
    // off, because everything read from the client table passes through it.
    JdbcRegisteredClientRepository.RegisteredClientRowMapper rowMapper =
            new JdbcRegisteredClientRepository.RegisteredClientRowMapper();
    rowMapper.setObjectMapper(SecurityJacksonConfig.objectMapper);
    repository.setRegisteredClientRowMapper(rowMapper);
    return repository;
}
use of org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository in project platform-base by SummerWindL.
the class AuthorizationConfig method registeredClientRepository.
/**
* 创建客户端信息,可以保存在内存和数据库,此处保存在数据库中
*/
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
    // Seed client written to the database on first start.
    // NOTE(review): the secret is hashed with passwordEncoder (a member of the enclosing class,
    // not shown) before it is stored, but the clear-text value is still a literal in source.
    // Treat it as a sample value and supply real secrets from external configuration.
    // NOTE(review): the password and implicit grants are omitted from the OAuth 2.1 draft and
    // discouraged by the OAuth 2.0 Security BCP; keep them only if a client really needs them.
    // ClientAuthenticationMethod.BASIC is the older name of CLIENT_SECRET_BASIC and is
    // deprecated in later Spring Security releases.
    // The redirect URI is a placeholder; it has to be the exact callback of the real client.
    RegisteredClient seedClient = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId("csdn")
            .clientSecret(passwordEncoder.encode("csdn123"))
            .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .authorizationGrantType(AuthorizationGrantType.PASSWORD)
            .authorizationGrantType(AuthorizationGrantType.IMPLICIT)
            .redirectUri("https://www.baidu.com")
            .scope("user.userInfo")
            .scope("user.photos")
            .build();

    JdbcRegisteredClientRepository clientStore = new JdbcRegisteredClientRepository(jdbcTemplate);

    // Insert only when no row exists for this client id. An existing row is left untouched, so
    // later edits to the definition above do not reach a database that already holds the client.
    boolean alreadyRegistered = clientStore.findByClientId("csdn") != null;
    if (!alreadyRegistered) {
        clientStore.save(seedClient);
    }
    return clientStore;
}
use of org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository in project platform-base by SummerWindL.
the class AuthorizationConfig method registeredClientRepository.
/**
* 创建客户端信息,可以保存在内存和数据库,此处保存在数据库中
*/
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
    // Consent is required for this client, so the user approves the requested scopes.
    ClientSettings consentRequired = ClientSettings.builder()
            .requireAuthorizationConsent(true)
            .build();

    // Access tokens live one hour, refresh tokens three days.
    // NOTE(review): reuseRefreshTokens(true) hands the same refresh token back on every refresh
    // instead of rotating it; confirm that is wanted for the clients this is meant for.
    TokenSettings tokenLifetimes = TokenSettings.builder()
            .accessTokenTimeToLive(Duration.ofHours(1))
            .refreshTokenTimeToLive(Duration.ofDays(3))
            .reuseRefreshTokens(true)
            .build();

    // NOTE(review): the secret is stored exactly as written: no encoder is applied and there is
    // no {id} prefix. Whether client authentication can verify it depends on the
    // PasswordEncoder bean in use (not shown); prefer storing an encoded value that comes from
    // external configuration rather than a literal in source.
    // NOTE(review): the password and implicit grants are omitted from the OAuth 2.1 draft and
    // discouraged by the OAuth 2.0 Security BCP; keep them only if a client really needs them.
    // The redirect URI is a placeholder; it has to be the exact callback of the real client.
    RegisteredClient seedClient = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId("csdn")
            .clientSecret("csdn123")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .authorizationGrantType(AuthorizationGrantType.PASSWORD)
            .authorizationGrantType(AuthorizationGrantType.IMPLICIT)
            .redirectUri("https://www.baidu.com")
            .scope("user.userInfo")
            .scope("user.photos")
            .clientSettings(consentRequired)
            .tokenSettings(tokenLifetimes)
            .build();

    JdbcRegisteredClientRepository clientStore = new JdbcRegisteredClientRepository(jdbcTemplate);

    // Insert only when no row exists for this client id; an existing row is left as it is.
    boolean alreadyRegistered = clientStore.findByClientId("csdn") != null;
    if (!alreadyRegistered) {
        clientStore.save(seedClient);
    }
    return clientStore;
}
use of org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository in project spring-authorization-server by spring-projects.
the class AuthorizationServerConfig method registeredClientRepository.
// @formatter:off
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
    // Sample client for the messaging demo.
    // "{noop}" marks the secret as stored in plain text; that is a sample convenience, and a
    // real deployment should store an encoded secret that does not live in source.
    // The redirect URIs are plain-http loopback addresses, which suits a local demo only.
    RegisteredClient messagingClient = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId("messaging-client")
            .clientSecret("{noop}secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
            .redirectUri("http://127.0.0.1:8080/authorized")
            .scope(OidcScopes.OPENID)
            .scope("message.read")
            .scope("message.write")
            .clientSettings(ClientSettings.builder()
                    .requireAuthorizationConsent(true)
                    .build())
            .build();

    // Save registered client in db as if in-memory.
    // NOTE(review): the save is unconditional and the id is a fresh UUID on every start. That
    // is fine for a database recreated at startup; against a persistent database a restart
    // would try to register the same clientId again under a new id. Confirm which kind of
    // datasource backs jdbcTemplate before reusing this pattern.
    JdbcRegisteredClientRepository clientStore = new JdbcRegisteredClientRepository(jdbcTemplate);
    clientStore.save(messagingClient);
    return clientStore;
}
use of org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository in project custom-spring-authorization-server by andifalk.
the class AuthorizationServerConfig method registeredClientRepository.
/*
* Repository with all registered OAuth/OIDC clients.
*/
@Bean
public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate, PasswordEncoder passwordEncoder) {
    // Four demo clients that differ in how they authenticate and in the access token format.
    // NOTE(review), applies to all four:
    //  - the secret is a literal ("secret") that is encoded before storage; use it for demos only;
    //  - requireAuthorizationConsent(false) skips the consent screen for every scope listed;
    //  - the redirect URIs are plain-http loopback addresses plus one externally hosted
    //    callback (it appears to be Postman's browser callback); drop whatever the real client
    //    does not use;
    //  - "offline_access" is registered as a plain scope string next to the OIDC scopes.

    // Confidential client, secret sent via HTTP Basic or in the request body.
    RegisteredClient confidentialClient = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId("demo-client")
            .clientSecret(passwordEncoder.encode("secret"))
            .clientAuthenticationMethods(allowed -> allowed.addAll(List.of(
                    ClientAuthenticationMethod.CLIENT_SECRET_BASIC,
                    ClientAuthenticationMethod.CLIENT_SECRET_POST)))
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .redirectUri("http://127.0.0.1:9095/client/callback")
            .redirectUri("http://127.0.0.1:9095/client/authorized")
            .redirectUri("http://127.0.0.1:9095/client")
            .redirectUri("http://127.0.0.1:9095/login/oauth2/code/spring-authz-server")
            .redirectUri("https://oauth.pstmn.io/v1/callback")
            .scopes(granted -> granted.addAll(List.of(
                    OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, "offline_access")))
            .clientSettings(ClientSettings.builder()
                    .requireAuthorizationConsent(false)
                    .build())
            .build();

    // Public client: no secret, and a PKCE proof key is required.
    // NOTE(review): client_credentials is listed for a client that has no secret to
    // authenticate with; confirm that grant is intended here.
    RegisteredClient publicPkceClient = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId("demo-client-pkce")
            .clientAuthenticationMethod(ClientAuthenticationMethod.NONE)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .redirectUri("http://127.0.0.1:9095/client/callback")
            .redirectUri("http://127.0.0.1:9095/client/authorized")
            .redirectUri("http://127.0.0.1:9095/client")
            .redirectUri("http://127.0.0.1:9095/login/oauth2/code/spring-authz-server")
            .redirectUri("https://oauth.pstmn.io/v1/callback")
            .scopes(granted -> granted.addAll(List.of(
                    OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, "offline_access")))
            .clientSettings(ClientSettings.builder()
                    .requireProofKey(true)
                    .requireAuthorizationConsent(false)
                    .build())
            .build();

    // Confidential client whose access tokens use the REFERENCE format instead of the default.
    RegisteredClient confidentialOpaqueClient = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId("demo-client-opaque")
            .clientSecret(passwordEncoder.encode("secret"))
            .clientAuthenticationMethods(allowed -> allowed.addAll(List.of(
                    ClientAuthenticationMethod.CLIENT_SECRET_BASIC,
                    ClientAuthenticationMethod.CLIENT_SECRET_POST)))
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .tokenSettings(TokenSettings.builder()
                    .accessTokenFormat(OAuth2TokenFormat.REFERENCE)
                    .build())
            .redirectUri("http://127.0.0.1:9095/client/callback")
            .redirectUri("http://127.0.0.1:9095/client/authorized")
            .redirectUri("http://127.0.0.1:9095/client")
            .redirectUri("http://127.0.0.1:9095/login/oauth2/code/spring-authz-server")
            .redirectUri("https://oauth.pstmn.io/v1/callback")
            .scopes(granted -> granted.addAll(List.of(
                    OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, "offline_access")))
            .clientSettings(ClientSettings.builder()
                    .requireAuthorizationConsent(false)
                    .build())
            .build();

    // REFERENCE-format tokens with a PKCE proof key required.
    // NOTE(review): this client has a secret and also allows ClientAuthenticationMethod.NONE,
    // so it can be used both with and without client authentication; confirm that mix is
    // deliberate.
    RegisteredClient mixedPkceOpaqueClient = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId("demo-client-pkce-opaque")
            .clientSecret(passwordEncoder.encode("secret"))
            .clientAuthenticationMethods(allowed -> allowed.addAll(List.of(
                    ClientAuthenticationMethod.CLIENT_SECRET_BASIC,
                    ClientAuthenticationMethod.CLIENT_SECRET_POST,
                    ClientAuthenticationMethod.NONE)))
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .tokenSettings(TokenSettings.builder()
                    .accessTokenFormat(OAuth2TokenFormat.REFERENCE)
                    .build())
            .redirectUri("http://127.0.0.1:9095/client/callback")
            .redirectUri("http://127.0.0.1:9095/client/authorized")
            .redirectUri("http://127.0.0.1:9095/client")
            .redirectUri("http://127.0.0.1:9095/login/oauth2/code/spring-authz-server")
            .redirectUri("https://oauth.pstmn.io/v1/callback")
            .scopes(granted -> granted.addAll(List.of(
                    OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, "offline_access")))
            .clientSettings(ClientSettings.builder()
                    .requireProofKey(true)
                    .requireAuthorizationConsent(false)
                    .build())
            .build();

    // Save registered clients in db as if in-memory.
    // NOTE(review): every save is unconditional and each id is a fresh UUID per start. That is
    // fine for a database recreated at startup; against a persistent database a restart would
    // try to register the same clientIds again. Confirm the datasource behind jdbcTemplate.
    JdbcRegisteredClientRepository clientStore = new JdbcRegisteredClientRepository(jdbcTemplate);
    for (RegisteredClient client : List.of(
            confidentialClient, publicPkceClient, confidentialOpaqueClient, mixedPkceOpaqueClient)) {
        clientStore.save(client);
    }
    LOGGER.info("Registered OAuth2/OIDC clients");
    return clientStore;
}
Aggregations