Is Authorization code mandatory to grant resource access?

Problem description

I am working on a Spring Boot web app that needs to access a resource from a 3rd-party web app. I am trying to understand how OAuth2 works. The 3rd-party web app uses OAuth2 to grant the client resource access. The documentation from the 3rd-party web app says to send a POST with request parameters in the format below.

username=<###>&password=<###>&client_id=<###>&client_secret=<###>&grant_type=password&hcode=<###>

The hcode value is fixed as per the document. I am able to write Java code that successfully fetches me an access token (thanks to Google search!). Below are my questions...

  1. What type of grant is being used here?
  2. Is this Authorization code grant? I don't see Authorization code here.

PS: I am new to web application development. I am referring to the post below to understand OAuth2. [https://www.javainuse.com/spring/spring-boot-oauth-introduction]

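import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.io.StringWriter;
import java.net.URL;
import java.util.regex.Matcher;
import javax.net.ssl.HttpsURLConnection;

// Request body (placeholder as posted)
String content = "-----";
BufferedReader reader = null;
HttpsURLConnection connection = null;
String returnValue = "";

// Open the connection to the token endpoint and set the request headers
URL url = new URL(CredentialDto.getTockenurl());
connection = (HttpsURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setDoOutput(true);
connection.setRequestProperty("Authorization", "Basic " + CredentialDto.getAuthentication());
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
connection.setRequestProperty("Accept", "application/json");

// Send the form-encoded body
PrintStream os = new PrintStream(connection.getOutputStream());
os.print(content);
os.close();

// Read the whole response
reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
String line = null;
StringWriter out = new StringWriter(connection.getContentLength() > 0 ? connection.getContentLength() : 2048);
while ((line = reader.readLine()) != null) {
    out.append(line);
}
reader.close();

// PAT and accessToken are declared elsewhere in the poster's code (not shown).
// Fall back to the raw response, then extract the token if the pattern matches.
returnValue = out.toString();
accessToken = returnValue;
Matcher matcher = PAT.matcher(returnValue);
if (matcher.matches() && matcher.groupCount() > 0) {
    accessToken = matcher.group(1);
}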

Tags: oauth-2.0, spring-security-oauth2

Solution


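1. What type of grant is being used here?

Resource Owner Password Credentials (ROPC). Check this RFC.

2. Is this Authorization code grant? I don't see Authorization code here.

No.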
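
An added example, not part of the question or the answer: it parses a token-request body and reports which RFC 6749 grant it is, which required parameters are absent, and which parameters fall outside the RFC's set (such as hcode). The class and method names are hypothetical and the sample values are constructed placeholders in the shape the question shows.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
/** Added example: identifies the OAuth 2.0 grant from a token-request body (RFC 6749). */
public class GrantTypeCheck {
    // Body parameters each grant_type always requires in the token request.
    private static final Map<String, List<String>> REQUIRED = Map.of(
        "authorization_code", List.of("code"),                  // RFC 6749 section 4.1.3
        "password",           List.of("username", "password"),  // section 4.3.2 (ROPC)
        "client_credentials", List.<String>of(),                // section 4.4.2
        "refresh_token",      List.of("refresh_token"));        // section 6

    // Token-request parameter names that RFC 6749 itself defines.
    private static final Set<String> STANDARD = Set.of(
        "grant_type", "code", "redirect_uri", "username", "password",
        "refresh_token", "scope", "client_id", "client_secret");

    /** Decodes an application/x-www-form-urlencoded body into name/value pairs. */
    static Map<String, String> parseForm(String body) {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : body.split("&")) {
            if (pair.isEmpty()) continue;
            String[] kv = pair.split("=", 2);
            String key = URLDecoder.decode(kv[0], StandardCharsets.UTF_8);
            String value = kv.length > 1 ? URLDecoder.decode(kv[1], StandardCharsets.UTF_8) : "";
            params.put(key, value);
        }
        return params;
    }

    /** Names the grant and lists missing required and non-RFC parameters. */
    static String classify(String body) {
        Map<String, String> p = parseForm(body);
        String grant = p.getOrDefault("grant_type", "");
        List<String> required = REQUIRED.get(grant);
        if (required == null) return "unknown or extension grant_type: '" + grant + "'";
        List<String> missing = new ArrayList<>();
        for (String name : required) if (!p.containsKey(name)) missing.add(name);
        List<String> extra = new ArrayList<>();
        for (String name : p.keySet()) if (!STANDARD.contains(name)) extra.add(name);
        return "grant_type=" + grant + ", missing=" + missing + ", non-standard=" + extra;
    }

    public static void main(String[] args) {
        // Constructed sample bodies: the question's ROPC shape, then an authorization-code request.
        String ropc = "username=alice&password=s3cret&client_id=app&client_secret=xyz&grant_type=password&hcode=fixed";
        String authCode = "grant_type=authorization_code&code=abc123&redirect_uri=https%3A%2F%2Fclient.example%2Fcb";
        System.out.println(classify(ropc));
        System.out.println(classify(authCode));
    }
}
```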

