WebClient Oauth2 - 令牌类型必须是承载错误
Posted
技术标签:
【中文标题】WebClient Oauth2 - 令牌类型必须是承载错误【英文标题】:WebClient Oauth2 - Token type must be Bearer error 【发布时间】:2022-01-23 19:27:43 【问题描述】:我正在使用 Java 11 和 Spring Boot 中的 OAuth2 授权实现 WebClient。授权服务使用令牌响应 200,但随后显示以下错误:"[invalid_token_response] An error occurred parsing the Access Token response: Token type must be Bearer"
我的 WebClient 配置:
@Bean
public ReactiveClientRegistrationRepository clientRegistrations(
@Value("$spring.security.oauth2.client.provider.apigee.token-uri") String tokenUri,
@Value("$spring.security.oauth2.client.registration.apigee.client-id") String clientId,
@Value("$spring.security.oauth2.client.registration.apigee.client-secret") String clientSecret,
@Value("$spring.security.oauth2.client.registration.apigee.scope") String scope,
@Value("$spring.security.oauth2.client.registration.apigee.authorization-grant-type") String authorizationGrantType)
ClientRegistration registration = ClientRegistration
.withRegistrationId(REGISTRATION_ID)
.tokenUri(tokenUri)
.clientId(clientId)
.clientSecret(clientSecret)
.scope(scope)
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
.authorizationGrantType(new AuthorizationGrantType(authorizationGrantType))
.build();
return new InMemoryReactiveClientRegistrationRepository(registration);
@Bean
public WebClient webClient(ReactiveClientRegistrationRepository clientRegistrations)
InMemoryReactiveOAuth2AuthorizedClientService clientService = new InMemoryReactiveOAuth2AuthorizedClientService(clientRegistrations);
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
clientRegistrations, clientService);
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
oauth.setDefaultClientRegistrationId(REGISTRATION_ID);
return WebClient.builder()
.filter(oauth)
.build();
还有属性
spring.security.oauth2.client.registration.apigee.client-id=client-id
spring.security.oauth2.client.registration.apigee.client-secret=client-secret
spring.security.oauth2.client.registration.apigee.authorization-grant-type=client_credentials
spring.security.oauth2.client.registration.apigee.client-authentication-method=client_secret_post
spring.security.oauth2.client.registration.apigee.scope=write,read
spring.security.oauth2.client.provider.apigee.token-uri=https://host/v1/authorization
【问题讨论】:
【参考方案1】:spring.security.oauth2.client.provider.apigee.token-uri=https://host/v1/authorization
这似乎是这里的问题。 token-uri 应该如下:
https://hostname:port/oauth2/v2.0/token
例如:如果 IDP 是 Azure AD,则 URI 如下:
https://login.microsoftonline.com/<Client URI>/oauth2/v2.0/token
【讨论】:
以上是关于WebClient Oauth2 - 令牌类型必须是承载错误的主要内容,如果未能解决你的问题,请参考以下文章
如何使用带有 WebClient 的 spring-security-oauth2 自定义 OAuth2 令牌请求的授权标头?
Spring Boot 2 OIDC(OAuth2)客户端/资源服务器未在 WebClient 中传播访问令牌
如何像在 RestTemplate 中一样从 WebClient 获取访问令牌?
是否支持 Spring Boot WebClient OAuth2 client_credentials?