Spring Security 5.2.1 + spring-security-oauth2 + WebClient: how to use password grant-type

末鹿安然 提交于 2020-01-24 00:32:09

问题


Here is my current setup:

I'm exposing a WebClient bean with oauth2 filter:

@Configuration
class OAuthConfiguration {
    @Bean("authProvider")
    fun webClient(
        clientRegistrationRepository: ClientRegistrationRepository,
        authorizedClientRepository: OAuth2AuthorizedClientRepository,
        clientHttpConnector: ClientHttpConnector
    ): WebClient {

        val oauth = ServletOAuth2AuthorizedClientExchangeFilterFunction(clientRegistrationRepository, authorizedClientRepository)

        oauth.setDefaultClientRegistrationId("authProvider")
        oauth.setDefaultOAuth2AuthorizedClient(true)

        return WebClient.builder()
            .baseUrl("baseUrl")
            .clientConnector(clientHttpConnector)
            .filter(oauth)
            .build()
    }
}

And I'm using it here:

    fun callExternalService() {

        val retrieve = webClient.get()
            .uri("/uri")
            .retrieve()
            .bodyToMono(String::class.java)
            .block()

        // ...
    }

My application.yml has the following structure

  security:
    oauth2:
      client:
        provider:
          authProvider:
            token-uri: https://authentication-uri.com
        registration:
          authProvider:
            client-id: client-id
            client-secret: client-secret
            authorization-grant-type: authorization_code
            scope: any

This code is failing because my internal authentication service accepts only password grant-type and I can see the response for my auth URL returning a 400 code. Once I change authorization-grant-type: authorization_code to authorization-grant-type: password, spring ignores all the logic of authentication, it does not try to authenticate.

Does anyone know how to implement authorization-grant-type: password?

来源:https://stackoverflow.com/questions/59621397/spring-security-5-2-1-spring-security-oauth2-webclient-how-to-use-password

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!