"At least one redirect_uri must be registered with the client"
After upgrading from Spring Boot 1.x to 2.x, the following exception appears:
OAuth Error
error="invalid_request", error_description="At least one redirect_uri must be registered with the client."
Cause: DefaultRedirectResolver.resolveRedirect
Spring Boot 1.x
    public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
        Set<String> authorizedGrantTypes = client.getAuthorizedGrantTypes();
        if (authorizedGrantTypes.isEmpty()) {
            throw new InvalidGrantException("A client must have at least one authorized grant type.");
        } else if (!this.containsRedirectGrantType(authorizedGrantTypes)) {
            throw new InvalidGrantException("A redirect_uri can only be used by implicit or authorization_code grant types.");
        } else {
            Set<String> redirectUris = client.getRegisteredRedirectUri();
            if (redirectUris != null && !redirectUris.isEmpty()) {
                return this.obtainMatchingRedirect(redirectUris, requestedRedirect);
            } else if (StringUtils.hasText(requestedRedirect)) {
                // No registered redirect_uri: the requested URL is returned as-is
                return requestedRedirect;
            } else {
                throw new InvalidRequestException("A redirect_uri must be supplied.");
            }
        }
    }
Spring Boot 2.x
    public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
        Set<String> authorizedGrantTypes = client.getAuthorizedGrantTypes();
        if (authorizedGrantTypes.isEmpty()) {
            throw new InvalidGrantException("A client must have at least one authorized grant type.");
        }
        if (!containsRedirectGrantType(authorizedGrantTypes)) {
            throw new InvalidGrantException(
                    "A redirect_uri can only be used by implicit or authorization_code grant types.");
        }
        Set<String> registeredRedirectUris = client.getRegisteredRedirectUri();
        // No registered redirect_uri: an exception is now thrown
        if (registeredRedirectUris == null || registeredRedirectUris.isEmpty()) {
            throw new InvalidRequestException("At least one redirect_uri must be registered with the client.");
        }
        return obtainMatchingRedirect(registeredRedirectUris, requestedRedirect);
    }
Solution
1. Change the dependency to version 2.1.0.RELEASE or lower
    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
        <version>2.1.0.RELEASE</version>
    </dependency>
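2. In an implementation of the ClientDetails interface, override getRegisteredRedirectUri() so that it returns a registered URI, for example with org.springframework.security.oauth2.provider.client.BaseClientDetails:
    import java.util.HashSet;
    import java.util.Set;
    import org.springframework.security.oauth2.provider.client.BaseClientDetails;

    BaseClientDetails baseClientDetails = new BaseClientDetails();
    baseClientDetails.setClientId("1111111111111");
    baseClientDetails.setClientSecret("2222222222");
    // Register the client's redirect_uri so that resolveRedirect finds a non-empty set
    Set<String> redirectUri = new HashSet<>(1);
    redirectUri.add("http://www.baidu.com");
    baseClientDetails.setRegisteredRedirectUri(redirectUri);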
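
In the 1.x code above, a client with no registered redirect_uri gets back whatever redirect_uri the request supplied, so registering the URIs (option 2) is the fix that keeps the 2.x check in place. The following is an added example, not code from the original post or from the Spring project: a pre-upgrade audit that lists the clients the 2.x resolver will reject. The class name RedirectUriAudit, the method clientsMissingRedirectUri, the client ids and the example.com URI are assumptions made for illustration; it needs spring-security-oauth2 on the classpath.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;

import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;

// Added example (hypothetical class name): finds clients that use a
// redirect-based grant but have no registered redirect_uri.
public class RedirectUriAudit {

    // The grant types named in the resolver's own error message.
    private static final List<String> REDIRECT_GRANTS =
            Arrays.asList("implicit", "authorization_code");

    /** Returns the ids of clients that the 2.x resolveRedirect would reject. */
    public static List<String> clientsMissingRedirectUri(Collection<? extends ClientDetails> clients) {
        List<String> missing = new ArrayList<>();
        for (ClientDetails client : clients) {
            Set<String> grants = client.getAuthorizedGrantTypes();
            boolean usesRedirect = grants != null && !Collections.disjoint(grants, REDIRECT_GRANTS);
            Set<String> uris = client.getRegisteredRedirectUri();
            if (usesRedirect && (uris == null || uris.isEmpty())) {
                missing.add(client.getClientId());
            }
        }
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample clients; ids and URI are placeholders.
        BaseClientDetails registered = new BaseClientDetails(
                "web-app", null, "read", "authorization_code", null,
                "https://app.example.com/login/oauth2/callback");
        // Redirect grant, but nothing registered: the case behind the error.
        BaseClientDetails unregistered = new BaseClientDetails(
                "legacy-app", null, "read", "authorization_code,refresh_token", null);
        // client_credentials never reaches the redirect check.
        BaseClientDetails machine = new BaseClientDetails(
                "batch-job", null, "read", "client_credentials", null);

        System.out.println(clientsMissingRedirectUri(
                Arrays.asList(registered, unregistered, machine)));
    }
}
```

In an application that stores clients in a database, the same method can be fed the list returned by ClientRegistrationService.listClientDetails() (implemented by JdbcClientDetailsService).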