Problem:
While working through chapter 8 of Spring in Action, I built the authorization server (127.0.0.1:9000) and used curl to simulate a client requesting an authorization code, which succeeded. But when I then used that authorization code to request a token from the authorization server, it returned {error:invalid_client} (HTTP 403).
Solution:
1. Change the book's pom dependency from groupId org.springframework.security.experimental to org.springframework.security, version 0.2.2.
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-oauth2-authorization-server</artifactId>
        <version>0.2.2</version>
    </dependency>
2. Add a ProviderSettings bean to the authorization server configuration.
    @Bean
    public ProviderSettings providerSettings() {
        // The issuer must match the address the client uses to reach the server
        return ProviderSettings.builder().issuer("http://127.0.0.1:9000").build();
    }
3. In the existing RegisteredClientRepository bean, rework the clientSettings call and build the corresponding ClientSettings object (the new clientSettings method only accepts a ClientSettings argument).
    @Bean
    public RegisteredClientRepository registeredClientRepository(PasswordEncoder encoder) {
        // Client settings are now built separately and passed in as an object
        ClientSettings settings = ClientSettings.builder()
                .requireAuthorizationConsent(true)
                .build();
        RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("client")
                .clientSecret(encoder.encode("XXXXX"))
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .redirectUri("http://127.0.0.1:9090/login/oauth2/code/client")
                .scope("writeIngredients")
                .scope("deleteIngredients")
                .clientSettings(settings)
                .build();
        return new InMemoryRegisteredClientRepository(registeredClient);
    }
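The three steps above are pieces of one configuration class. The following is an added example, not code from the book or from this post, that puts them together as a complete Spring Authorization Server 0.2.2 configuration so the server actually starts: the security filter chain, the PasswordEncoder and the JWK signing-key bean are my additions, the class name AuthorizationServerConfig is hypothetical, and the import paths assume the 0.2.2 package layout (ClientSettings and ProviderSettings under org.springframework.security.oauth2.server.authorization.config). The client id, secret and URLs are the sample values from the post. Because the client is registered with CLIENT_SECRET_BASIC, the token request has to carry the client id and secret as HTTP Basic credentials; a token request without that Authorization header is one ordinary way to get invalid_client even after the configuration is fixed.

```java
// Added example: complete Spring Authorization Server 0.2.2 configuration combining the
// three fixes from the post. Class name, filter chain, encoder and JWK beans are mine;
// client id/secret and URLs are the post's sample values.
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.UUID;

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.ClientSettings;
import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class AuthorizationServerConfig {

    // Registers the authorization server endpoints (/oauth2/authorize, /oauth2/token, ...)
    // ahead of the application's own filter chain; unauthenticated users are sent to the login form.
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        return http.formLogin().and().build();
    }

    // Step 2 from the post: the issuer is the address the client actually calls.
    @Bean
    public ProviderSettings providerSettings() {
        return ProviderSettings.builder().issuer("http://127.0.0.1:9000").build();
    }

    // Secrets are stored hashed; the encoder is injected into the client repository below.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Step 3 from the post: ClientSettings is built as an object and passed to clientSettings().
    // CLIENT_SECRET_BASIC requires the token request to authenticate with HTTP Basic credentials.
    @Bean
    public RegisteredClientRepository registeredClientRepository(PasswordEncoder encoder) {
        ClientSettings settings = ClientSettings.builder()
                .requireAuthorizationConsent(true)
                .build();
        RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("client")
                .clientSecret(encoder.encode("XXXXX")) // placeholder secret from the post
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .redirectUri("http://127.0.0.1:9090/login/oauth2/code/client")
                .scope("writeIngredients")
                .scope("deleteIngredients")
                .clientSettings(settings)
                .build();
        return new InMemoryRegisteredClientRepository(registeredClient);
    }

    // Access tokens are issued as JWTs, so the server needs a signing key. A key generated
    // at startup is enough for a learning setup; a persistent, rotated key belongs in production.
    @Bean
    public JWKSource<SecurityContext> jwkSource() throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keyPair = generator.generateKeyPair();
        RSAKey rsaKey = new RSAKey.Builder((RSAPublicKey) keyPair.getPublic())
                .privateKey((RSAPrivateKey) keyPair.getPrivate())
                .keyID(UUID.randomUUID().toString())
                .build();
        return new ImmutableJWKSet<>(new JWKSet(rsaKey));
    }
}
```

With this in place, the token exchange that failed in the post is a POST to /oauth2/token (the default endpoint path in 0.2.2) with grant_type=authorization_code, the code, and the registered redirect_uri, authenticated with the client id and secret as HTTP Basic credentials.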