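```java
@GetMapping(value = "/user/reg")
public String registration() {
    // Look up the client registration configured under the id "github"
    ClientRegistration githubRegistration = this.clientRegistrationRepository.findByRegistrationId("github");
    // Experiment only: the toString() output includes clientSecret
    log.info(githubRegistration.toString());
    return githubRegistration.toString();
}
```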
Accessing this endpoint returns the `registration` information, which includes `clientId`, `clientSecret`, `authorizationGrantType`, `redirectUri`, `scopes`, and so on.
Experiment 2: View the obtained AccessToken
```java
@GetMapping(value = "/user/token")
public OAuth2AccessToken accessToken(OAuth2AuthenticationToken authentication) {
    // Load the authorized client that was stored for the current user at login
    OAuth2AuthorizedClient authorizedClient = this.authorizedClientService.loadAuthorizedClient(
            authentication.getAuthorizedClientRegistrationId(), authentication.getName());
    OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
    return accessToken;
}
```
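Note: the `issuedAt` and `expiresAt` values here are really strange, only one second apart. Is it a problem with GitHub's authorization service? I haven't looked into the cause yet.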
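Both experiments above hand secrets to the caller: the `/user/reg` response includes `clientSecret`, and `/user/token` returns the raw token value. The following is an added example, not code from the original post: a hypothetical `OAuth2Redaction` helper that keeps the same fields visible while masking the secret and replacing the token value with a short hash fingerprint. It assumes Spring Security 5.4 or later for `getRedirectUri()`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.OAuth2AccessToken;

// Added example (hypothetical helper, not from the original post).
public final class OAuth2Redaction {

    // Same fields the /user/reg experiment shows, with clientSecret masked.
    public static Map<String, Object> describe(ClientRegistration registration) {
        Map<String, Object> view = new LinkedHashMap<>();
        view.put("registrationId", registration.getRegistrationId());
        view.put("clientId", registration.getClientId());
        view.put("clientSecret", "[redacted]");
        view.put("authorizationGrantType", registration.getAuthorizationGrantType().getValue());
        view.put("redirectUri", registration.getRedirectUri()); // assumes Spring Security 5.4+
        view.put("scopes", registration.getScopes());
        return view;
    }

    // Token metadata plus a fingerprint, so the bearer value never leaves the server.
    public static Map<String, Object> describe(OAuth2AccessToken token) {
        Map<String, Object> view = new LinkedHashMap<>();
        view.put("tokenType", token.getTokenType().getValue());
        view.put("scopes", token.getScopes());
        view.put("issuedAt", token.getIssuedAt());
        view.put("expiresAt", token.getExpiresAt());
        view.put("sha256Prefix", fingerprint(token.getTokenValue()));
        return view;
    }

    // First 4 bytes of SHA-256 as hex: enough to correlate log lines, useless as a credential.
    static String fingerprint(String secret) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(secret.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder();
            for (int i = 0; i < 4; i++) {
                hex.append(String.format("%02x", digest[i]));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 must be available on every Java platform", e);
        }
    }
}
```

With this helper, the two endpoints would return `OAuth2Redaction.describe(githubRegistration)` and `OAuth2Redaction.describe(accessToken)` as `Map<String, Object>` instead of the raw objects.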
Experiment 3: Call the GitHub API with the AccessToken
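Define an abstract `API` binding class that uses an interceptor to set the obtained `AccessToken` in the header of subsequent requests, and uses `RestTemplate` to make the requests to the `API`: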
```java
import java.io.IOException;

import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.web.client.RestTemplate;

public abstract class ApiBinding {
    protected RestTemplate restTemplate;

    public ApiBinding(String accessToken) {
        this.restTemplate = new RestTemplate();
        if (accessToken != null) {
            this.restTemplate.getInterceptors().add(getBearerTokenInterceptor(accessToken));
        } else {
            this.restTemplate.getInterceptors().add(getNoTokenInterceptor());
        }
    }

    // Adds the access token as a Bearer credential to every outgoing request
    private ClientHttpRequestInterceptor getBearerTokenInterceptor(String accessToken) {
        return new ClientHttpRequestInterceptor() {
            @Override
            public ClientHttpResponse intercept(HttpRequest request, byte[] bytes, ClientHttpRequestExecution execution) throws IOException {
                request.getHeaders().add("Authorization", "Bearer " + accessToken);
                return execution.execute(request, bytes);
            }
        };
    }

    // Fails fast when no token is available instead of sending an unauthenticated request
    private ClientHttpRequestInterceptor getNoTokenInterceptor() {
        return new ClientHttpRequestInterceptor() {
            @Override
            public ClientHttpResponse intercept(HttpRequest request, byte[] bytes, ClientHttpRequestExecution execution) throws IOException {
                throw new IllegalStateException("Can't access the Github API without an access token");
            }
        };
    }
}
```
Encapsulate the process of obtaining the `AccessToken`:
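```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.web.context.annotation.RequestScope;

import lombok.extern.slf4j.Slf4j;

@Configuration
@Slf4j
public class SocialConfig {
    // Request-scoped: a new Github binding is built per request from the current user's token
    @Bean
    @RequestScope
    public Github github(OAuth2AuthorizedClientService clientService) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String accessToken = null;
        // instanceof is null-safe and guarantees the cast below is valid
        if (authentication instanceof OAuth2AuthenticationToken) {
            OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;
            String clientRegistrationId = oauthToken.getAuthorizedClientRegistrationId();
            if (clientRegistrationId.equals("github")) {
                OAuth2AuthorizedClient client = clientService.loadAuthorizedClient(clientRegistrationId, oauthToken.getName());
                if (client != null) {
                    accessToken = client.getAccessToken().getTokenValue();
                }
                // Experiment only: this writes the bearer token to the log
                log.info(accessToken);
            }
        }
        return new Github(accessToken);
    }
}
```

```java
public class Github extends ApiBinding {
    private static final String BASE_URL = "https://api.github.com";

    public Github(String accessToken) {
        super(accessToken);
    }

    // Fetches the authenticated user's profile as raw JSON
    public String getProfile() {
        return restTemplate.getForObject(BASE_URL + "/user", String.class);
    }
}
```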
Add a new endpoint in the `Controller` that uses the `AccessToken` to fetch the GitHub user information:
```java
@GetMapping(value = "/user/info")
public String info() {
    String profile = github.getProfile();
    // Log the profile already fetched instead of calling the API a second time
    log.info(profile);
    return profile;
}
```
Note: the difference between the two endpoints: https://api.github.com/users/heartsuit (no authentication required) and https://api.github.com/user (authentication required).
The complete `Controller` code:
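```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import lombok.extern.slf4j.Slf4j;

@RestController
@Slf4j
public class HelloController {
    @Autowired
    private ClientRegistrationRepository clientRegistrationRepository;

    @Autowired
    private OAuth2AuthorizedClientService authorizedClientService;

    @Autowired
    Github github;

    @GetMapping(value = "/")
    public String index() {
        log.info(SecurityContextHolder.getContext().getAuthentication().toString());
        return "Welcome " + SecurityContextHolder.getContext().getAuthentication();
    }

    @GetMapping(value = "/user/reg")
    public String registration() {
        ClientRegistration githubRegistration = this.clientRegistrationRepository.findByRegistrationId("github");
        // Experiment only: the toString() output includes clientSecret
        log.info(githubRegistration.toString());
        return githubRegistration.toString();
    }

    @GetMapping(value = "/user/token")
    public OAuth2AccessToken accessToken(OAuth2AuthenticationToken authentication) {
        OAuth2AuthorizedClient authorizedClient = this.authorizedClientService.loadAuthorizedClient(
                authentication.getAuthorizedClientRegistrationId(), authentication.getName());
        OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
        return accessToken;
    }

    @GetMapping(value = "/user/info")
    public String info() {
        String profile = github.getProfile();
        // Log the profile already fetched instead of calling the API a second time
        log.info(profile);
        return profile;
    }
}
```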