环境
spring authorization server 0.2.2
spring boot 2.5.2
问题
这么写的话不报错,因为没有配置passwordEncoder
@Bean
public UserDetailsService userDetailsService() {
UserDetails userDetails = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(userDetails);
}
将上边的写法替换为如下,则报错
@Bean
public UserDetailsService userDetailsService() {
return new JbootUserDetailsServiceImpl();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
错误:
[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 : [no body]
解决方式
在注册客户端的时候,clientSecret需要有特殊处理:
RegisteredClient loginClient = RegisteredClient.withId(UUID.randomUUID().toString())
.clientId("login-client")
.clientSecret(new BCryptPasswordEncoder().encode("openid-connect"))
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.redirectUri("http://127.0.0.1:8080/login/oauth2/code/login-client")
.redirectUri("http://127.0.0.1:8080/authorized")
.scope(OidcScopes.OPENID)
.scope(OidcScopes.PROFILE)
.clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
.build();
后记
这个项目的资料网上还比较少,好多配置不熟悉,采坑中。。。
参考:https://github.com/spring-projects/spring-authorization-server/issues/528