spring-boot - OAuth2.0授权spring boot web应用流程
问题描述
我正在使用 java 库客户端进行 Web 应用程序身份验证,我使用客户端密码和客户端 ID 生成授权 url,我还在 google api 控制台中提供了一个重定向 url,但我不知道我是否有必要创建这个服务器来接收刷新令牌?我的意思是在生产中我应该提供一个单独的服务器来接收刷新令牌?(重定向 url 来到这个服务器)主要问题是用户应该自己将生成的 url 粘贴到浏览器上,但我想打开浏览器 authmatic,第二个是关于接收刷新令牌我不确定是否要创建另一台服务器来接收刷新代码,并且我无法使用服务帐户,我将使用 Web 流身份验证。
UserAuthorizer userAuthorizer =
UserAuthorizer.newBuilder()
.setClientId(ClientId.of(clientId, clientSecret))
.setScopes(SCOPES)
.setCallbackUri(URI.create(OAUTH2_CALLBACK_URL_CONFIGURED_AT_GOOGLE_CONSOLE))
.build();
baseUri = URI.create("http://localhost:" + simpleCallbackServer.getLocalPort());
System.out.printf(
"Paste this url in your browser:%n%s%n",
userAuthorizer.getAuthorizationUrl(loginEmailAddressHint, state, baseUri));
这是接收刷新令牌的本地服务器:
private static class SimpleCallbackServer extends ServerSocket {
private AuthorizationResponse authorizationResponse;
SimpleCallbackServer() throws IOException {
// Passes a port # of zero so that a port will be automatically allocated.
super(0);
}
/**
* Blocks until a connection is made to this server. After this method completes, the
* authorizationResponse of this server will be set, provided the request line is in the
* expected format.
*/
@Override
public Socket accept() throws IOException {
Socket socket = super.accept();
}
}
解决方案
对于那些努力通过spring boot使用google oauth2.0获得授权的人,您无法将用户重定向到授权url(google授权服务器使用您的客户端ID和客户端密码)使用控制器重定向用户:
@GetMapping(value = "/redirect-user")
public ResponseEntity<Object> redirectToExternalUrl() throws URISyntaxException {
String url=gs.createUserAuthorizationUrl();
URI authorizationUrl = new URI(url);
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.setLocation(authorizationUrl);
return new ResponseEntity<>(httpHeaders, HttpStatus.FOUND);
}
在服务层 createUserAuthorizationUrl() 方法如下:
public String createUserAuthorizationUrl() {
clientId = "client-id";
clientSecret = "client-secret-code";
userAuthorizer =
UserAuthorizer.newBuilder()
.setClientId(ClientId.of(clientId, clientSecret))
.setScopes(SCOPES)
.setCallbackUri(URI.create("/oauth2callback"))
.build();
baseUri = URI.create("your-app-redirect-url-configured-at-google-console" + "your-spring-boot-server-port"); //giving redirect url
String redirectURL = userAuthorizer.getAuthorizationUrl(loginEmailAddressHint, state, baseUri).toString();
return redirectURL;
}
让我们创建一个控制器来支持来自 google 授权服务器的 get 请求,并带有代码。我们将使用该代码从 google 获取访问令牌。我通过 @RequestParam 获取状态和代码,我还想将用户重定向到我的应用程序。
@GetMapping(value = "/oauth2callback")
public ResponseEntity<Object> proceedeTOServer(@RequestParam String state,
@RequestParam String code) throws URISyntaxException {
String url="my-application-url-to-redirect-user";
URI dashboardURL = new URI(url);
HttpHeaders httpHeaders=new HttpHeaders();
httpHeaders.setLocation(dashboardURL);
gs.getCode(state,code);
return new ResponseEntity<>(httpHeaders,HttpStatus.FOUND);
}
在服务层的 getCode(code) 中,我将发送到代码并接收刷新令牌或访问令牌:
UserCredentials userCredentials =userAuthorizer.getCredentialsFromCode(code, "your-app-redirect-url-configured-at-google-console" + "your-spring-boot-server-port");