无法向 Spring OAuth2UserRequest 添加参数

Posted

技术标签:

【中文标题】无法向 Spring OAuth2UserRequest 添加参数【英文标题】:Unable to add parameters to Spring OAuth2UserRequest 【发布时间】:2021-09-27 09:10:36 【问题描述】:

我希望能够将附加参数从客户端传递到 OAuth2 用户服务。在这个 Spring 参考 https://docs.spring.io/spring-security/site/docs/5.1.1.RELEASE/reference/htmlsingle/#oauth2Client-authorization-request-resolver 之后,我可以将附加参数添加到 OAuth2AuthorizationRequest。当我尝试在自定义 DefaultOAuth2UserService 中检索参数时,它不再是 OAuth2UserRequest 的一部分。

我认为这个问题与 OAuth2AuthorizationRequest 的 resolve 方法被调用两次有关,第二次 authenticationRequest 为空。请参阅下面的调试日志

关于如何解决/解决此问题的任何建议?

客户请求

http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&action=signup

详细日志

CustomAuthorizationRequestResolver : in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [Initialized]
CustomAuthorizationRequestResolver: action parameter from HttpServletRequest is [signup]
CustomAuthorizationRequestResolver: number of additional parameters added to OAuth2AuthorizationRequest is [1]
CustomAuthorizationRequestResolver: in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [null]
CustomOAuth2UserService: in CustomOAuth2UserService.loadUser() size of additional parameters [0]

CustomAuthorizationRequestResolver

public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver 
    private final static Logger logger = LoggerFactory.getLogger(CustomAuthorizationRequestResolver.class);
    private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;

    public CustomAuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository) 
        this.defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
                "/oauth2/authorize");
    

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) 
        OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(request);
        logger.debug("in CustomAuthorizationRequestResolver.resolve() authorizationRequest is []", 
            authorizationRequest == null ? "null" : "Initialized");
        return authorizationRequest != null ? customAuthorizationRequest(request, authorizationRequest) : null;
    

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) 
        OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(
                request, clientRegistrationId);
        return authorizationRequest != null ? customAuthorizationRequest(request, authorizationRequest) : null;
    

    private OAuth2AuthorizationRequest customAuthorizationRequest(HttpServletRequest request,
            OAuth2AuthorizationRequest authorizationRequest) 
        String action = request.getParameter("action");
        logger.debug("action parameter from HttpServletRequest is []", action);

        Map<String, Object> additionalParameters = new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
        additionalParameters.put("action", action);

        OAuth2AuthorizationRequest rtn = OAuth2AuthorizationRequest.from(authorizationRequest).additionalParameters(
                additionalParameters).build();

        logger.debug("number of additional parameters added to OAuth2AuthorizationRequest is []", rtn.getAdditionalParameters()
                .size());

        return rtn;
    

CustomOAuth2UserService

public class CustomOAuth2UserService extends DefaultOAuth2UserService 
    private final Logger logger = LoggerFactory.getLogger(CustomOAuth2UserService.class);

    @Autowired
    private UserRepository userRepository;

    @Override
    public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException 
        OAuth2User oAuth2User = super.loadUser(oAuth2UserRequest);

        logger.debug("in CustomOAuth2UserService.loadUser() size of additional parameters []", oAuth2UserRequest
                .getAdditionalParameters().size());
        // other processing
    
    
    // other methods

【问题讨论】:

OAuth2AuthorizationRequestOAuth2UserRequest 是对不同端点的不同请求。 OAuth2AuthorizationRequest 代表对http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&amp;action=signup 的请求,OAuth2UserRequest 代表对例如http://localhost:3000/userinfo 的请求。附加参数从来都不是OAuth2UserRequest 的一部分。 感谢您的帮助!它帮助我完善了对 OAuth 流程的理解,并改进了我处理业务需求的方式。我追溯了我正在使用的示例代码,并意识到客户端重定向到了个人资料页面。如果您发表评论作为答案,我会将其标记为已接受。 【参考方案1】:

OAuth2AuthorizationRequestOAuth2UserRequest 是对不同端点的不同请求。

OAuth2AuthorizationRequest 代表对http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&amp;action=signup 的请求,而OAuth2UserRequest 代表对例如http://localhost:3000/userinfo 的请求。

附加参数从来不是OAuth2UserRequest 的一部分。

【讨论】:

以上是关于无法向 Spring OAuth2UserRequest 添加参数的主要内容,如果未能解决你的问题,请参考以下文章

我无法向自己的 Spring 引导服务器发出 Angular Http 请求

Spring Boot 管理员:客户端无法通过 https 向管理服务器注册

我的 Angular 4 应用程序无法向 Spring Boot Server 请求令牌

Spring Cloud Netflix 和 Docker Compose - 无法向 eureka 注册服务

Spring Integration XMPP - 如果 XmppConnectionFactoryBean 的属性 autoStartup 配置为 false,则无法向聊天服务器发送消息

SPRING:向Spring安全用户添加自定义用户详细信息