无法向 Spring OAuth2UserRequest 添加参数
Posted
技术标签:
【中文标题】无法向 Spring OAuth2UserRequest 添加参数【英文标题】:Unable to add parameters to Spring OAuth2UserRequest 【发布时间】:2021-09-27 09:10:36 【问题描述】:我希望能够将附加参数从客户端传递到 OAuth2 用户服务。在这个 Spring 参考 https://docs.spring.io/spring-security/site/docs/5.1.1.RELEASE/reference/htmlsingle/#oauth2Client-authorization-request-resolver 之后,我可以将附加参数添加到 OAuth2AuthorizationRequest。当我尝试在自定义 DefaultOAuth2UserService 中检索参数时,它不再是 OAuth2UserRequest 的一部分。
我认为这个问题与 OAuth2AuthorizationRequest 的 resolve 方法被调用两次有关,第二次 authenticationRequest 为空。请参阅下面的调试日志
关于如何解决/解决此问题的任何建议?
客户请求
http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&action=signup
详细日志
CustomAuthorizationRequestResolver : in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [Initialized]
CustomAuthorizationRequestResolver: action parameter from HttpServletRequest is [signup]
CustomAuthorizationRequestResolver: number of additional parameters added to OAuth2AuthorizationRequest is [1]
CustomAuthorizationRequestResolver: in CustomAuthorizationRequestResolver.resolve() authorizationRequest is [null]
CustomOAuth2UserService: in CustomOAuth2UserService.loadUser() size of additional parameters [0]
CustomAuthorizationRequestResolver
public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver
private final static Logger logger = LoggerFactory.getLogger(CustomAuthorizationRequestResolver.class);
private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;
public CustomAuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository)
this.defaultAuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
"/oauth2/authorize");
@Override
public OAuth2AuthorizationRequest resolve(HttpServletRequest request)
OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(request);
logger.debug("in CustomAuthorizationRequestResolver.resolve() authorizationRequest is []",
authorizationRequest == null ? "null" : "Initialized");
return authorizationRequest != null ? customAuthorizationRequest(request, authorizationRequest) : null;
@Override
public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId)
OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(
request, clientRegistrationId);
return authorizationRequest != null ? customAuthorizationRequest(request, authorizationRequest) : null;
private OAuth2AuthorizationRequest customAuthorizationRequest(HttpServletRequest request,
OAuth2AuthorizationRequest authorizationRequest)
String action = request.getParameter("action");
logger.debug("action parameter from HttpServletRequest is []", action);
Map<String, Object> additionalParameters = new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
additionalParameters.put("action", action);
OAuth2AuthorizationRequest rtn = OAuth2AuthorizationRequest.from(authorizationRequest).additionalParameters(
additionalParameters).build();
logger.debug("number of additional parameters added to OAuth2AuthorizationRequest is []", rtn.getAdditionalParameters()
.size());
return rtn;
CustomOAuth2UserService
public class CustomOAuth2UserService extends DefaultOAuth2UserService
private final Logger logger = LoggerFactory.getLogger(CustomOAuth2UserService.class);
@Autowired
private UserRepository userRepository;
@Override
public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException
OAuth2User oAuth2User = super.loadUser(oAuth2UserRequest);
logger.debug("in CustomOAuth2UserService.loadUser() size of additional parameters []", oAuth2UserRequest
.getAdditionalParameters().size());
// other processing
// other methods
【问题讨论】:
OAuth2AuthorizationRequest 和 OAuth2UserRequest 是对不同端点的不同请求。 OAuth2AuthorizationRequest 代表对http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&action=signup 的请求,OAuth2UserRequest 代表对例如http://localhost:3000/userinfo 的请求。附加参数从来都不是OAuth2UserRequest 的一部分。
感谢您的帮助!它帮助我完善了对 OAuth 流程的理解,并改进了我处理业务需求的方式。我追溯了我正在使用的示例代码,并意识到客户端重定向到了个人资料页面。如果您发表评论作为答案,我会将其标记为已接受。
【参考方案1】:
OAuth2AuthorizationRequest 和 OAuth2UserRequest 是对不同端点的不同请求。
OAuth2AuthorizationRequest 代表对http://localhost:8080/oauth2/authorize/github?redirect_uri=http://localhost:3000/oauth2/redirect&action=signup 的请求,而OAuth2UserRequest 代表对例如http://localhost:3000/userinfo 的请求。
附加参数从来不是OAuth2UserRequest 的一部分。
【讨论】:
以上是关于无法向 Spring OAuth2UserRequest 添加参数的主要内容,如果未能解决你的问题,请参考以下文章
我无法向自己的 Spring 引导服务器发出 Angular Http 请求
Spring Boot 管理员:客户端无法通过 https 向管理服务器注册
我的 Angular 4 应用程序无法向 Spring Boot Server 请求令牌
Spring Cloud Netflix 和 Docker Compose - 无法向 eureka 注册服务
Spring Integration XMPP - 如果 XmppConnectionFactoryBean 的属性 autoStartup 配置为 false,则无法向聊天服务器发送消息