我尝试使用 spring-security-oauth2-client 和 spring-security-oauth2-jose 针对 Azure AD 进行身份验证并获取 JWT token 。
登录部分有效,但我收到的 token 不是 JWT。这是我的配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.oauth2Login()
.loginPage("/oauth2/authorization/azure")
.userInfoEndpoint()
.oidcUserService(oidcUserService);
}
}
身份验证后,我从安全上下文中检索 token ,如下所示:
OAuth2AuthenticationToken authentication = (OAuth2AuthenticationToken)
SecurityContextHolder.getContext().getAuthentication();
OAuth2AccessToken accessToken = authorizedClientService.loadAuthorizedClient(
authentication.getAuthorizedClientRegistrationId()
,authentication.getName()
).getAccessToken();
我得到一个不记名 token ,如下所示:
“AQABAAAAAAADXzZ3ifr-GRbDT45zNSEFElTInSJQ19I2zONWkrBPgoKf8MCYL_z_IzU2lmF_ZadgBMdCr337faL0bpqHAzmFhsxq8peWUX7iYeTLbmcHDIdCR617VSKKHISLn_AiXhNr9rF6AMSrQTzdV2mK HEVlycTXlHUSZKA-GMA4z4FQFQMYkFNCLKqr7b-NewnV07lbG55joRIkcCMDrM1s4X8mRcJpRF6ek1yNSpveFmlbkrt3cXPUqtDe5EWI_5gfuGEVion57LFLos_JtcQWSL6CTrULY8EuF8MVuwJpTNG3OR80ik K7ych_dXFCYmYDRrtTbFkf3R61aDSnqEUe2Il2T8QdqWqH65ykSVooG6uIi5KsRK9zXPRuRuC_XC5w6SCcGionQYIgSEp-kCtIzlfHIBRK2o_CpjYVMBdmbfIkCvFoTGGGAvpOP1_MkgVeBiQzYFg8 m_dn_roXFF17oBhCdYrZ2Y41_-GngLU3VJj4ltFIxzRziH6CZ2aFl1N3MwzIUcTiN6Ci0oyODTsSNDPc2zvxg609SjEqrO-6Xp0LMEwiOgY5L5rrcLA5d4LN-Xq9NiG0KqybZPU7wW0AHNA2Nw 7bSg1Cle0ReaBU4ANbkjHxYeQJf65-ONNMGdfkV8xlKtRXZoiOBFip87Z72cS4NjLjM3x9_Qk9MQ5eGQTNj4fHCzJp9ukcjQ1MSUol_VIgaA ”
随后会被 Microsoft Graph API 拒绝。非常感谢任何帮助或建议。
最佳答案
您还可以从 Authentication 对象获取 id token 。您需要将authentication.principal 转换为OidcUser。 OidcUser 为您提供用户的完整详细信息。
OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;
OAuth2AuthorizedClient client =
clientService.loadAuthorizedClient(
oauthToken.getAuthorizedClientRegistrationId(),
oauthToken.getName());
if (authentication.getPrincipal() instanceof OidcUser) {
OidcUser principal = ((OidcUser) authentication.getPrincipal());
idToken = principal.getIdToken().getTokenValue();
}
关于spring-security - Spring Security oauth2 客户端 - 如何获取 JWT token ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51643956/