java Webclient Oauth授权流正在进行递归授权调用,而不是触发AceessToken调用Springboot
我试图使用Oauth oidc背后的外部API。我正在使用webclient实现oidc流
进行授权调用并显示登录屏幕,在成功授权后,使用重定向uri代码,它不会触发访问令牌流,而是多次进行授权调用
我对Oauth的webclient很陌生。如果有人能帮我,那就太好了。提前谢谢你的帮助
下面是我的Springboot配置和代码
依赖关系: spring-boot-starter-oauth2-client 弹簧启动webflux 弹簧启动安全 spring boot starter web
**SecurityConfig.java**
@EnableWebFluxSecurity
public class SecurityConfig {
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange()
.anyExchange()
.authenticated()
.and()
.oauth2Login();
return http.build();
}
}
@Bean
WebClient webClient(
ReactiveClientRegistrationRepository clientRegistrations,
ServerOAuth2AuthorizedClientRepository authorizedClients) {
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth =
new ServerOAuth2AuthorizedClientExchangeFilterFunction(
clientRegistrations,
authorizedClients);
oauth.setDefaultOAuth2AuthorizedClient(true);
return WebClient.builder()
.filter(oauth)
.build();
}
**application.properties**
spring.main.web-application-type=reactive
spring.security.oauth2.client.registration.custom.client-id=**********
spring.security.oauth2.client.registration.custom.client-secret=mysecret
spring.security.oauth2.client.registration.custom.scope=openid,profile
spring.security.oauth2.client.registration.custom.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.custom.redirect-uri=http://localhost:9090/callback
spring.security.oauth2.client.provider.custom.issuer-uri=url of issuer which has all the info for authorization and token endpoints
**Contoller**
@Autowired
private WebClient webClient;
@GetMapping("/auth")
Mono<String> useOauthWithAuthCode() {
Mono<String> retrievedResource = webClient.get()
.uri("http://localhost:8084/**")
.retrieve()
.bodyToMono(String.class);
return retrievedResource.map(string ->
"Oauth: " + string);
}
当我点击auth端点时,会进行授权调用,用户会看到外部提供者的登录屏幕,用户已成功通过身份验证,并在浏览器中看到带有代码的重定向uri。。但它尝试再次调用authorize调用,看到太多带有代码的重定向uri,尝试太多后失败
共 (0) 个答案