问题
I am working on setting up an OAuth2.0 authorization server using Spring security. I want to know if there is a way to dynamically register an OAuth2.0 client after the OAuth2.0 authorization server is up and running?
Basically, I know that I can register a client while configuring the OAuth2.0 server by extending the AuthorizationServerConfigurerAdapter and overriding the configure method to add the client details in memory. However, this way the client is pre-registered and I would like to know how to dynamically add the client details.
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients.inMemory()
.withClient(CLIENT_ID)
.secret(CLIENT_SECRET)
.authorizedGrantTypes("authorization_code", "implicit")
.redirectUris("http://junk/")
.scopes("cn")
.accessTokenValiditySeconds(600);
// @formatter:on
}
回答1:
You should be able to just use the JdbcClientDetails (there are even convenience methods similar to the in memory ones):
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.jdbc(dataSource)
.passwordEncoder(passwordEncoder)
.withClient("my-trusted-client")
... etc.
(Code taken from here: https://github.com/spring-projects/spring-security-oauth/blob/master/tests/annotation/jdbc/src/main/java/demo/Application.java#L102.) Then you have a database with data you can change at runtime as much as you want.
来源:https://stackoverflow.com/questions/35783430/spring-oauth2-0-dynamically-register-oauth2-0-client