OAuth 2.0 Client

The OAuth 2.0 Client features provide support for the Client role as defined in the OAuth 2.0 Authorization Framework.

At a high level, the core features available are:

Client Authentication support
HTTP Client support
  • `WebClient` integration for Reactive Environments (for requesting protected resources)

The ServerHttpSecurity.oauth2Client() DSL provides a number of configuration options for customizing the core components used by OAuth 2.0 Client.

The following code shows the complete configuration options provided by the ServerHttpSecurity.oauth2Client() DSL:

OAuth2 Client Configuration Options
  • Java

@Configuration
@EnableWebFluxSecurity
public class OAuth2ClientSecurityConfig {

	@Bean
	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
		http
			.oauth2Client(oauth2 -> oauth2
				.clientRegistrationRepository(this.clientRegistrationRepository())
				.authorizedClientRepository(this.authorizedClientRepository())
				.authorizationRequestRepository(this.authorizationRequestRepository())
				.authorizationRequestResolver(this.authorizationRequestResolver())
				.authenticationConverter(this.authenticationConverter())
				.authenticationManager(this.authenticationManager())
			);

		return http.build();
	}
}

  • Kotlin

@Configuration
@EnableWebFluxSecurity
class OAuth2ClientSecurityConfig {

    @Bean
    fun securityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
        http {
            oauth2Client {
                clientRegistrationRepository = clientRegistrationRepository()
                authorizedClientRepository = authorizedClientRepository()
                authorizationRequestRepository = authorizationRequestRepository()
                authorizationRequestResolver = authorizationRequestResolver()
                authenticationConverter = authenticationConverter()
                authenticationManager = authenticationManager()
            }
        }

        return http.build()
    }
}

The ReactiveOAuth2AuthorizedClientManager is responsible for managing the authorization (or re-authorization) of an OAuth 2.0 Client, in collaboration with one or more ReactiveOAuth2AuthorizedClientProvider(s).

The following code shows an example of how to register a ReactiveOAuth2AuthorizedClientManager @Bean and associate it with a ReactiveOAuth2AuthorizedClientProvider composite that provides support for the authorization_code, refresh_token, client_credentials and password authorization grant types:

  • Java

@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
		ReactiveClientRegistrationRepository clientRegistrationRepository,
		ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {

	ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
			ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
					.authorizationCode()
					.refreshToken()
					.clientCredentials()
					.password()
					.build();

	DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager =
			new DefaultReactiveOAuth2AuthorizedClientManager(
					clientRegistrationRepository, authorizedClientRepository);
	authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

	return authorizedClientManager;
}

  • Kotlin

@Bean
fun authorizedClientManager(
        clientRegistrationRepository: ReactiveClientRegistrationRepository,
        authorizedClientRepository: ServerOAuth2AuthorizedClientRepository): ReactiveOAuth2AuthorizedClientManager {
    val authorizedClientProvider: ReactiveOAuth2AuthorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
            .authorizationCode()
            .refreshToken()
            .clientCredentials()
            .password()
            .build()
    val authorizedClientManager = DefaultReactiveOAuth2AuthorizedClientManager(
            clientRegistrationRepository, authorizedClientRepository)
    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider)
    return authorizedClientManager
}
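
The composite above enables all four grant types, including password, which the OAuth 2.0 Security Best Current Practice (RFC 9700) says must not be used. The following added example (not from the Spring Security reference) registers only the grants an application needs and wires the manager into a WebClient for requesting protected resources. The class name LeastPrivilegeOAuth2ClientConfig and the 60-second clock skew are assumptions made for illustration.

```java
import java.time.Duration;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.web.reactive.function.client.WebClient;

// Added example; the class name is hypothetical.
@Configuration
public class LeastPrivilegeOAuth2ClientConfig {

	@Bean
	public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
			ReactiveClientRegistrationRepository clientRegistrationRepository,
			ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {
		// Enable only the grants this application uses. password() is left out
		// on purpose: with no provider handling that grant, this manager will
		// not obtain tokens with it, whatever a client registration requests.
		ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
				ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
						.authorizationCode()
						// Treat access tokens as expired 60s early (assumed value).
						.refreshToken(refresh -> refresh.clockSkew(Duration.ofSeconds(60)))
						.clientCredentials()
						.build();

		DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager =
				new DefaultReactiveOAuth2AuthorizedClientManager(
						clientRegistrationRepository, authorizedClientRepository);
		authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
		return authorizedClientManager;
	}

	@Bean
	public WebClient webClient(ReactiveOAuth2AuthorizedClientManager authorizedClientManager) {
		// The filter asks the manager for an authorized client on each request
		// and sends its access token as a Bearer Authorization header.
		ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2Client =
				new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
		return WebClient.builder().filter(oauth2Client).build();
	}
}
```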