Spring Boot and OAuth2 social login, unable to get refreshToken

前端未结

关注

 1  966

There is a guide how to implement OAuth2 using Spring and Spring Boot https://spring.io/guides/tutorials/spring-boot-oauth2/

I need to store OAuth2 information like

相关标签:

1条回答

傲寒

2021-01-16 22:15

First of all: when working with OAuth2 it is necessary to have a good understanding of how the protocol works. It's not too difficult, but you need to have a good grasp of it to be able to work with it. In my opinion the best point of reference is the specification itself: https://tools.ietf.org/html/rfc6749

In response to the conversation below and the existing pull request https://github.com/spring-projects/spring-security-oauth/pull/499 I would (as long as the pull request isn't released) subclass OAuth2ClientAuthenticationProcessingFilter and include the changes as per pull request, then use that class in the ssoFilter method.

Thus:

package com.example;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.token.ClientTokenServices;

public class OAuth2ClientAuthenticationProcessingAndSavingFilter extends OAuth2ClientAuthenticationProcessingFilter {

    private ClientTokenServices clientTokenServices;

    public OAuth2ClientAuthenticationProcessingAndSavingFilter(String defaultFilterProcessesUrl, ClientTokenServices clientTokenServices) {
        super(defaultFilterProcessesUrl);
        this.clientTokenServices = clientTokenServices;
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, chain, authResult);
        if (clientTokenServices != null) {
            clientTokenServices.saveAccessToken(restTemplate.getResource(), SecurityContextHolder.getContext()
                    .getAuthentication(), restTemplate.getAccessToken());
        }
    }

}

and

private Filter ssoFilter(ClientResources client, String path) {
        OAuth2ClientAuthenticationProcessingAndSavingFilter clientFilter = new OAuth2ClientAuthenticationProcessingAndSavingFilter(path, clientTokenService);
       ...

and add a bean for your clientTokenService

0 讨论(0)