OAuth2.0 | OAuth 2.0 client_secret_jwt mode with the Spring Authorization Server module
Introduction: this post covers the client authentication step of an OAuth 2.0 token request, that is, the methods an authorization server can use to authenticate the client that is asking for a token:
- client_secret_basic
- client_secret_post
- client_secret_jwt
- private_key_jwt
- none
| No. | Client authentication method used by the authorization server | Description |
|---|---|---|
| 3 | client_secret_jwt | JwtClientAssertionAuthenticationConverter |
1. Maven project dependency
spring-authorization-server v0.2.2
2. Create the clientId/clientSecret registration: insert a new client record (oauth2_registered_client) and configure the JWT-related ClientSettings
```java
@Test
void saveJwt() {
    String id = UUID.randomUUID().toString().replaceAll("-", "");
    TokenSettings tokenSettings = TokenSettings.builder()
            .refreshTokenTimeToLive(Duration.ofDays(7))
            .accessTokenTimeToLive(Duration.ofHours(8))
            .idTokenSignatureAlgorithm(SignatureAlgorithm.RS256)
            // the original called this twice (true, then false); the last call wins, so false is kept
            .reuseRefreshTokens(false)
            .build();
    // client_secret_jwt: the client assertion must be an HMAC (HS256) JWT keyed with the client secret
    ClientSettings clientSettings = ClientSettings.builder()
            .tokenEndpointAuthenticationSigningAlgorithm(MacAlgorithm.HS256)
            .build();
    RegisteredClient client = RegisteredClient.withId(id)
            .clientId("8000000014")
            .clientIdIssuedAt(Instant.now())
            // the server uses this value directly as the HMAC key, so it is stored unencoded;
            // 32 bytes (256 bits) is the minimum key length for HS256
            .clientSecret("a5a0ddb27da70b41d31954d0c51419d8")
            .clientSecretExpiresAt(Instant.now().plus(Period.ofDays(20)))
            .clientName("Client credentials client_secret_jwt有限公司")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_JWT)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .scope("server")
            .tokenSettings(tokenSettings)
            .clientSettings(clientSettings)
            .build();
    registeredClientRepository.save(client);
    log.info("===>{}", JsonUtils.toJsonString(client));
}
```
3. Generate the client assertion: a JWT signed with the clientSecret
```java
// Uses nimbus-jose-jwt (com.nimbusds.jose / com.nimbusds.jwt), which spring-security-oauth2-jose brings in
String clientId = "8000000014";
String clientSecret = "a5a0ddb27da70b41d31954d0c51419d8";
// HMAC key built from the same secret the server has on record; MACSigner requires at least 256 bits
SecretKeySpec secretKeySpec = new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
JWSSigner signer = new MACSigner(secretKeySpec);
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
        // iss and sub must both equal the client_id
        .subject(clientId)
        .issuer(clientId)
        // custom claims carried along in this project's assertion
        .claim("username", "19000000000")
        .claim("password", "abc@123")
        // aud must identify the authorization server that will validate the assertion
        .audience("http://auth-server:9000")
        // 60 * 60 * 60 * 1000 ms = 60 hours from now
        .expirationTime(new Date(new Date().getTime() + 60 * 60 * 60 * 1000))
        .build();
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
signedJWT.sign(signer);
// compact serialization: header.payload.signature, sent as client_assertion
String token = signedJWT.serialize();
log.info("===>token: {}", token);
```
4. Test data for the client_credentials grant with client_secret_jwt authentication

| No. | HTTP request query parameter | Value |
|---|---|---|
| 1 | scope | the requested scope |
| 2 | grant_type | grant type: client_credentials |
| 3 | client_assertion_type | JWT type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer |
| 4 | client_assertion | the JWT token value |
| 5 | client_id | 8000000014 |
## Token request authenticated with client_secret_jwt

```bash
curl --location --request POST 'http://127.0.0.1:9000/uc/oauth2/token?scope=server&grant_type=client_credentials&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4MDAwMDAwMDE0IiwiYXVkIjoiaHR0cDpcL1wvYXV0aC1zZXJ2ZXI6OTAwMCIsInBhc3N3b3JkIjoiYWJjQDEyMyIsImlzcyI6IjgwMDAwMDAwMTQiLCJleHAiOjE2NDc3MjE1NTYsInVzZXJuYW1lIjoiMTkwMDAwMDAwMDAifQ.w3IA5_qoYtrQmZ4fvdqxOsfIuIJ1rwNIU72b8__o7FE&client_id=8000000014'
```
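As an added example (not code from this post or from Spring Authorization Server), the following Python sketch builds the client assertion from steps 3 and 4 with nothing but the standard library and then performs the checks the authorization server must make before it trusts the client_id in the request: the HS256 signature under the registered secret, iss and sub equal to client_id, aud naming this server, and a present, unexpired exp. The token endpoint URL and the (ok, detail) return shape are assumptions; client_id and secret are the page's values.

```python
import base64
import hashlib
import hmac
import json
import time

# Registration record as stored in oauth2_registered_client (clientId/clientSecret from the page).
REGISTERED_CLIENT = {"client_id": "8000000014",
                     "client_secret": "a5a0ddb27da70b41d31954d0c51419d8"}  # 32 bytes = HS256 minimum
# Assumed value: the audience the server requires (its issuer URL or token endpoint URL).
TOKEN_ENDPOINT = "http://auth-server:9000/uc/oauth2/token"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_client_assertion(client_id, client_secret, audience, ttl_seconds=60, now=None):
    """Client side: short-lived HS256 assertion with iss = sub = client_id (RFC 7523)."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    claims = {"iss": client_id, "sub": client_id, "aud": audience, "iat": now, "exp": now + ttl_seconds}
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(client_secret.encode("utf-8"), f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_client_assertion(assertion, registered_client, token_endpoint, now=None):
    """Server side: returns (True, claims) only if every check passes, otherwise (False, reason)."""
    now = int(time.time()) if now is None else now
    head_b64, payload_b64, sig_b64 = assertion.split(".")
    if json.loads(_b64url_decode(head_b64)).get("alg") != "HS256":
        return False, "alg must be the registered HS256, not whatever the header claims"
    secret = registered_client["client_secret"].encode("utf-8")
    if len(secret) < 32:
        return False, "stored client secret too short for HS256"
    expected = hmac.new(secret, f"{head_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return False, "signature does not verify with the registered secret"
    claims = json.loads(_b64url_decode(payload_b64))
    cid = registered_client["client_id"]
    if claims.get("iss") != cid or claims.get("sub") != cid:
        return False, "iss and sub must both equal client_id"
    aud = claims.get("aud")
    if token_endpoint not in (aud if isinstance(aud, list) else [aud]):
        return False, "aud does not name this authorization server"
    if "exp" not in claims or claims["exp"] <= now:
        return False, "exp missing or in the past"
    return True, claims
```

The header segment produced here is the same `eyJhbGciOiJIUzI1NiJ9` that opens the token in the curl request above, because nimbus-jose-jwt emits the identical `{"alg":"HS256"}` header.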
5. Complete project source: OAuth 2.0 client_secret_jwt mode with Spring Authorization Server, GitHub repository
OAuth 2.0 client_secret_jwt mode with Spring Authorization Server, Gitee repository