问题
Is it possible to configure Spring Boot to allow Oauth2 grant types password and authorization_code on the same URL. For example /boot
I have done basic authorization configuration as below
security:
oauth2:
client:
accessTokenUri: http://UAA/oauth/token
userAuthorizationUri: http://UAA/oauth/authorize
clientId: ******
clientSecret: ******
resource:
userInfoUri: http://UAA/userinfo
However all endpoints protected by this configuration use form login and redirect to UAA authorization URL even when request is sent with Authorization Bearer **** token header. That means even when I send a Authorization token in postman I get HTTP Status 302 along with HTML response for UAA login page.
回答1:
Instead of having configs in config file, you can configure authorization server to create OAuth clients. Then you can configure clients with multiple grant types, authorities, scopes etc...
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("client_id").authorizedGrantTypes("password", "client_credentials")
.secret("secret").authorities("Authority1", "Authority2").scopes("READ", "WRITE").resourceIds("resource_server_id");
}
Please check This Spring OAuth sample for more details.
来源:https://stackoverflow.com/questions/50404610/spring-boot-oauth2-use-multiple-grant-types-for-for-same-url