问题
I want to whitelist users connecting to my OAuth2 client, and I can't figure out how to get the user name (specifically the Google email address).
I created a Spring Boot OAuth2 application based on a Spring Tutorial
https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_manual
I'm authenticating against Google (successfully). I want to determine the user email address so I can whitelist authenticating users.
This website,
http://www.baeldung.com/spring-security-openid-connect#filter
suggests that I can unpack the "id_token" I get back from Google, something like this:
/**
* logic to unpack a ConnectID id_token like what we get from Google -
* see "Spring Security and OpenID Connect" - heading '4. Custom OpenID Connect Filter':
* http://www.baeldung.com/spring-security-openid-connect#filter
*
* @param oa2token
* @return
*/
private static UsernamePasswordAuthenticationToken getOpenIDDataForToken(OAuth2AccessToken oa2token)
{
try {
String idToken = oa2token.getAdditionalInformation().get("id_token").toString();
Jwt tokenDecoded = JwtHelper.decode(idToken);
Map<String, String> authInfo = new ObjectMapper().readValue(tokenDecoded.getClaims(), Map.class);
OpenIdConnectUserDetails user = new OpenIdConnectUserDetails(authInfo, oa2token);
return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
} catch (InvalidTokenException e) {
throw new BadCredentialsException("Could not obtain user details from token", e);
}
}
but I can't get this code to compile - I can't figure out how to get class JtwHelper!
I searched around and the following might be the right Maven dependency:
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-jwt -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
</dependency>
but adding this to my pom.xml doesn't help - I don't get a real Jar file back in my .m2 repository - I get a text file!!! and bottom line, Eclipse doesn't resolve the type JwtHelper.
Help? I'm not sure where I've gone wrong.
回答1:
Looks like an answer on this SO page had my answer (thanks @user2802927):
How to get custom user info from OAuth2 authorization server /user endpoint
Here's the code:
Principal principal = servlet_request.getUserPrincipal();
try {
if (principal != null) {
OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) principal;
Authentication authentication = oAuth2Authentication.getUserAuthentication();
Map<String, String> details = new LinkedHashMap<>();
details = (Map<String, String>) authentication.getDetails();
Map<String, String> map = new LinkedHashMap<>();
map.put("email", details.get("email"));
logger.debug("details map is: {}", map);
}
} catch (Exception e) {
logger.error("dumping principal " + principal + "failed, exception: ", e );
}
The output showed that I found success - the user's email address!!!
2017-05-23 11:48:26.751 DEBUG 7687 --- [nio-8443-exec-1] ication$$EnhancerBySpringCGLIB$$91415b85 :
details map is: {email=myemailaddress@gmail.com}
来源:https://stackoverflow.com/questions/44138312/how-to-get-google-user-email-to-whitelist-users-when-authenticating-using-spring